Overview

overview

10

Static

static

10

processo974974.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/04/2025, 20:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    processo974974.msi

  • Size

    2.9MB

  • MD5

    4166a7fc9a5726e2a468dc7e053b2a24

  • SHA1

    fa2e7de96f5f4cafdc95767c4e8adee460d0399e

  • SHA256

    f2cf1589f2c34fb845c7514db1a07ade8e5f5b786e690f795507fdedc871fd3c

  • SHA512

    b5676a7e71ea5764946c436ee2816345dbd263f90ffb00a2b69558a1c1419324f6ef6d6a5f5a0d3de492a491725d9d1e9ad21af0302a12fe8c9220c8f0665b69

  • SSDEEP

    49152:i+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:i+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 6 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Downloads MZ/PE file 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 20 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 20 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\processo974974.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:5784
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1080
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 989E90C19ED33341B36623137D66454A
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5368
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI6F63.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240611390 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:4440
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI71B6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240611781 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:6124
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI76C8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240613140 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        PID:1400
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI82E3.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240616218 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:6008
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 5FD62890D316D2169A3F8F09B7F64B85 E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4768
      • C:\Windows\SysWOW64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:5680
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1200
      • C:\Windows\SysWOW64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:5664
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000RfSDkIAN" /AgentId="a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:2576
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 88A4D923A43073BEE99C047648E49E92 E Global\MSI0000
      2⤵
      • Blocklisted process makes network request
      • Drops file in System32 directory
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2952
      • C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe
        C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8EC18616-AF23-4882-A39F-336EE52B4AD1}
        3⤵
        • Executes dropped EXE
        PID:1052
      • C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe
        C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5C0C5791-4190-4FE1-ABC8-08586B0DB3B2}
        3⤵
        • Executes dropped EXE
        PID:2844
      • C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe
        C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{389481F1-A935-40C2-8331-6383AFD16087}
        3⤵
        • Executes dropped EXE
        PID:3832
      • C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe
        C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2B30D25E-631A-482E-874E-D7A009F0C9E0}
        3⤵
        • Executes dropped EXE
        PID:3892
      • C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe
        C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E9DE5F5E-506D-485B-B222-611E3C5C7FE3}
        3⤵
        • Executes dropped EXE
        PID:5108
      • C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe
        C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{57A8EE77-1CDC-4317-A75A-926F5ABF28AE}
        3⤵
        • Executes dropped EXE
        PID:6036
      • C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe
        C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4E3BEF13-695C-4AD7-A057-0DABBF06FABE}
        3⤵
        • Executes dropped EXE
        PID:3968
      • C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe
        C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{57693759-C6AF-47E5-BB70-D94E1710F66E}
        3⤵
        • Executes dropped EXE
        PID:4216
      • C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe
        C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7E5D8E9E-EA82-456D-8627-36B7734A4CB0}
        3⤵
        • Executes dropped EXE
        PID:5228
      • C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe
        C:\Windows\TEMP\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isBC2C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D8E365D0-AA5B-4430-A2C7-65CA02105D4A}
        3⤵
        • Executes dropped EXE
        PID:3640
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4552
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRServer.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4824
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2520
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRApp.exe /T
          4⤵
          • Kills process with taskkill
          PID:4764
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5384
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAppPB.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:1812
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3992
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeature.exe /T
          4⤵
          • Kills process with taskkill
          PID:4920
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4936
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeatMini.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:6032
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5140
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRManager.exe /T
          4⤵
          • Kills process with taskkill
          PID:4524
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1644
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAgent.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:1588
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4968
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5484
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4972
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAudioChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:3148
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4996
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRVirtualDisplay.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:2940
      • C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe
        C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8BC07158-61BE-453A-A5FB-CC24051E3A89}
        3⤵
        • Executes dropped EXE
        PID:3756
      • C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe
        C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E3EB10B6-738D-4F1E-829C-6D8DF40C7F02}
        3⤵
        • Executes dropped EXE
        PID:1424
      • C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe
        C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A3D7F76D-3280-42F6-A6CF-D8A13FB088E6}
        3⤵
        • Executes dropped EXE
        PID:5728
      • C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe
        C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{514AFE29-ADC5-44E9-833F-3889DA127544}
        3⤵
        • Executes dropped EXE
        PID:3760
      • C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe
        C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E9E26948-251F-4604-BD2F-C9BCB6CC6297}
        3⤵
        • Executes dropped EXE
        PID:5864
      • C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe
        C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EA099864-6568-4D11-84DE-8821213D7206}
        3⤵
        • Executes dropped EXE
        PID:1844
      • C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe
        C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6C2D8B66-DC0E-4B27-80C0-5BC290543286}
        3⤵
        • Executes dropped EXE
        PID:3768
      • C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe
        C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E177D445-3A50-4E94-BD0E-7DB34D8B3CD8}
        3⤵
        • Executes dropped EXE
        PID:1396
      • C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe
        C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{66952C6B-194C-4332-B1AF-5A4BAB9BB1F2}
        3⤵
        • Executes dropped EXE
        PID:392
      • C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe
        C:\Windows\TEMP\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{669EBA98-0EC3-4EDF-AF7D-C43BE7B595CD}
        3⤵
        • Executes dropped EXE
        PID:3452
      • C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe
        C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A426DDFC-A9E8-4556-A1CF-FA92022550EE}
        3⤵
        • Executes dropped EXE
        PID:4012
      • C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe
        C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E5289077-71CB-4E8D-BACE-B809CA8AB00B}
        3⤵
        • Executes dropped EXE
        PID:2564
      • C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe
        C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{79414FB8-4B17-4282-88EC-3EE5830D3519}
        3⤵
        • Executes dropped EXE
        PID:3144
      • C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe
        C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9EE3CC7D-13B5-4A4B-B27E-2887E23890D3}
        3⤵
        • Executes dropped EXE
        PID:4156
      • C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe
        C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D554869F-20B5-4D95-9825-76B6E2EB8D44}
        3⤵
        • Executes dropped EXE
        PID:3028
      • C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe
        C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{826A38B6-08A5-4896-963E-0C800B4F7FDC}
        3⤵
        • Executes dropped EXE
        PID:3328
      • C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe
        C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{418E40D0-C295-4725-87ED-D23C64BCA248}
        3⤵
        • Executes dropped EXE
        PID:1016
      • C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe
        C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{00CAAEE5-2E70-4717-ADD4-58524176534D}
        3⤵
        • Executes dropped EXE
        PID:916
      • C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe
        C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{216B4C33-4685-4C82-AAFE-9B9D776D82B0}
        3⤵
        • Executes dropped EXE
        PID:3488
      • C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe
        C:\Windows\TEMP\{34DD7BBC-661E-49FD-B074-FA925CACCB85}\_isD94B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{53BF0ECD-9889-48A8-97F5-48AE6BE830CC}
        3⤵
        • Executes dropped EXE
        PID:4072
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2560
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1648
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2708
        • C:\Windows\system32\cmd.exe
          "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
          4⤵
            PID:1828
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:3080
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:3752
          • C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe
            C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D642247B-D8EB-4720-8B4B-941EF8983233}
            3⤵
            • Executes dropped EXE
            PID:5484
          • C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe
            C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D62629D7-0B33-4979-802D-77BE62F2C7A7}
            3⤵
            • Executes dropped EXE
            PID:3248
          • C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe
            C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{68D26D63-5985-4FA3-B81C-9B087ED2727B}
            3⤵
            • Executes dropped EXE
            PID:3148
          • C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe
            C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2ADF5F58-7CE2-4A47-8FE2-0CC61D379A08}
            3⤵
            • Executes dropped EXE
            PID:1200
          • C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe
            C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{78BEE0D7-8418-42CA-B76A-2DCD6AF7A12F}
            3⤵
            • Executes dropped EXE
            PID:2940
          • C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe
            C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9C86DE18-7058-4351-ABE4-25B203611296}
            3⤵
            • Executes dropped EXE
            PID:1012
          • C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe
            C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0B13B11A-A3C9-432F-ADE0-C3082AF263B3}
            3⤵
            • Executes dropped EXE
            PID:5736
          • C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe
            C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DCCCB51B-48CA-4BA8-BA7D-62C8218B85B5}
            3⤵
            • Executes dropped EXE
            PID:5208
          • C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe
            C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5E33BCBE-A5FB-47F3-9B17-EC8ADEA6C70F}
            3⤵
            • Executes dropped EXE
            PID:4056
          • C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe
            C:\Windows\TEMP\{F5C0569E-3F06-4A92-B7BF-BC4018B7FF51}\_isEBDB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{260615E6-750B-4D4F-9A0F-C3DBFB3307DC}
            3⤵
            • Executes dropped EXE
            PID:1628
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:3124
          • C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe
            C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BA1D24D2-6A7B-4296-9F11-7400269BAF73}
            3⤵
            • Executes dropped EXE
            PID:1396
          • C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe
            C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E6DD2EB5-3A9B-44B2-9404-F93D67AC2DA7}
            3⤵
            • Executes dropped EXE
            PID:3272
          • C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe
            C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B5C4E1ED-DCE7-4143-979A-CAE13E1319BC}
            3⤵
            • Executes dropped EXE
            PID:3600
          • C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe
            C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EF39B8DA-B052-4F2D-AF8F-B695F6D94EC3}
            3⤵
            • Executes dropped EXE
            PID:6008
          • C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe
            C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A37A56EC-DAD1-4D16-8469-EA59497FC9E5}
            3⤵
            • Executes dropped EXE
            PID:2804
          • C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe
            C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{23E42AB5-B3E0-409A-9894-8F071ED7B8D5}
            3⤵
            • Executes dropped EXE
            PID:4352
          • C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe
            C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E2A68270-C3B4-4632-87CD-603890610979}
            3⤵
            • Executes dropped EXE
            PID:4304
          • C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe
            C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D1275EA7-CD8F-40A0-A1AC-CFD2EEBF2B96}
            3⤵
            • Executes dropped EXE
            PID:816
          • C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe
            C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{77BFFD08-14CC-4C51-B42C-8A5FE2C5D8D4}
            3⤵
              PID:532
            • C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe
              C:\Windows\TEMP\{66E640CB-B26D-4F31-91E0-823B7F7ACDE9}\_isEE6C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3E65EE38-8DF4-49C2-843A-16DBD1D80942}
              3⤵
                PID:5436
              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                3⤵
                • System Location Discovery: System Language Discovery
                PID:4428
            • C:\Windows\syswow64\MsiExec.exe
              C:\Windows\syswow64\MsiExec.exe -Embedding CAA31A9443DCABACD192C00E8AB589AF E Global\MSI0000
              2⤵
              • System Location Discovery: System Language Discovery
              PID:5304
            • C:\Windows\syswow64\MsiExec.exe
              C:\Windows\syswow64\MsiExec.exe -Embedding EED5305FB47D9AB8A820AABB7E26E2F0 E Global\MSI0000
              2⤵
              • System Location Discovery: System Language Discovery
              PID:2176
            • C:\Windows\syswow64\MsiExec.exe
              C:\Windows\syswow64\MsiExec.exe -Embedding 17FB9D46B395C260531F22A256354C2A E Global\MSI0000
              2⤵
              • System Location Discovery: System Language Discovery
              PID:5372
            • C:\Windows\syswow64\MsiExec.exe
              C:\Windows\syswow64\MsiExec.exe -Embedding 12F1C16752777656C37F8CB5F3355E74 E Global\MSI0000
              2⤵
              • System Location Discovery: System Language Discovery
              PID:6032
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSI7FC9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240680953 483 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                3⤵
                • Drops file in Windows directory
                PID:5100
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSI80F2.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240681187 487 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                3⤵
                • Blocklisted process makes network request
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:5264
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSI8539.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240682312 492 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                3⤵
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:5128
              • C:\Windows\SysWOW64\NET.exe
                "NET" STOP AteraAgent
                3⤵
                • System Location Discovery: System Language Discovery
                PID:6004
                • C:\Windows\SysWOW64\net1.exe
                  C:\Windows\system32\net1 STOP AteraAgent
                  4⤵
                  • System Location Discovery: System Language Discovery
                  PID:1148
              • C:\Windows\SysWOW64\TaskKill.exe
                "TaskKill.exe" /f /im AteraAgent.exe
                3⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                PID:4804
              • C:\Windows\syswow64\NET.exe
                "NET" STOP AteraAgent
                3⤵
                • System Location Discovery: System Language Discovery
                PID:5096
                • C:\Windows\SysWOW64\net1.exe
                  C:\Windows\system32\net1 STOP AteraAgent
                  4⤵
                  • System Location Discovery: System Language Discovery
                  PID:3652
              • C:\Windows\syswow64\TaskKill.exe
                "TaskKill.exe" /f /im AteraAgent.exe
                3⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                PID:5780
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSIA4B1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240690312 530 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                3⤵
                • Blocklisted process makes network request
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:1112
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
              2⤵
              • Drops file in System32 directory
              PID:1132
            • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
              "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="b4719279-8101-4d3f-b55e-77478890659b"
              2⤵
              • Drops file in System32 directory
              • Modifies data under HKEY_USERS
              PID:5068
          • C:\Windows\system32\vssvc.exe
            C:\Windows\system32\vssvc.exe
            1⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2132
          • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
            "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
            1⤵
            • Drops file in System32 directory
            • Drops file in Program Files directory
            • Executes dropped EXE
            • Modifies data under HKEY_USERS
            • Modifies system certificate store
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:5704
            • C:\Windows\System32\sc.exe
              "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
              2⤵
              • Launches sc.exe
              PID:1844
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "64f3a3ae-96cd-4cfb-973d-08c70ea0f910" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000RfSDkIAN
              2⤵
              • Drops file in System32 directory
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:5248
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "269187fb-5a02-4caf-b385-70a71d8dc37a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000RfSDkIAN
              2⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:212
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "e2195a54-39df-4ef6-b972-5d42c6b1976a" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000RfSDkIAN
              2⤵
              • Executes dropped EXE
              PID:3992
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "14560a3f-5336-4d23-907e-cd44423bf9a2" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000RfSDkIAN
              2⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:4376
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                3⤵
                • Drops file in System32 directory
                • Command and Scripting Interpreter: PowerShell
                • Modifies data under HKEY_USERS
                • Suspicious behavior: EnumeratesProcesses
                PID:4972
              • C:\Windows\System32\cmd.exe
                "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                3⤵
                • Suspicious use of WriteProcessMemory
                PID:3144
                • C:\Windows\system32\cscript.exe
                  cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                  4⤵
                  • Modifies data under HKEY_USERS
                  PID:4156
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "0dd370d6-ad21-49b6-bfc3-e55a5083ffa3" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOjMsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000RfSDkIAN
              2⤵
              • Downloads MZ/PE file
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:4868
              • C:\Windows\TEMP\SplashtopStreamer.exe
                "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                3⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Modifies data under HKEY_USERS
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:3672
                • C:\Windows\Temp\unpack\PreVerCheck.exe
                  "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                  4⤵
                  • Executes dropped EXE
                  • Suspicious use of WriteProcessMemory
                  PID:4288
                  • C:\Windows\SysWOW64\msiexec.exe
                    msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                    5⤵
                    • System Location Discovery: System Language Discovery
                    PID:960
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "ed44d584-7681-492d-97ba-25c55ab148d9" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000RfSDkIAN
              2⤵
              • Drops file in System32 directory
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1608
          • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
            "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
            1⤵
            • Drops file in Program Files directory
            • Executes dropped EXE
            • Modifies data under HKEY_USERS
            • Suspicious use of WriteProcessMemory
            PID:3528
            • C:\Windows\System32\sc.exe
              "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
              2⤵
              • Launches sc.exe
              PID:4828
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "2d90d97c-5a61-4c0c-a97d-223999b07100" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000RfSDkIAN
              2⤵
              • Modifies data under HKEY_USERS
              PID:4280
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                3⤵
                • Drops file in System32 directory
                • Command and Scripting Interpreter: PowerShell
                • Modifies data under HKEY_USERS
                PID:3768
              • C:\Windows\System32\cmd.exe
                "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                3⤵
                  PID:1460
                  • C:\Windows\system32\cscript.exe
                    cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    4⤵
                    • Modifies data under HKEY_USERS
                    PID:5020
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "9595e87d-b953-4e64-83a3-c0c702ada46f" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000RfSDkIAN
                2⤵
                  PID:2232
                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=d3b717ec021d8f3f9ac0f25fd57a3317&rmm_session_pwd_ttl=86400"
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:4220
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "f10f61f3-2ad2-4b2e-bd79-04e542e09bde" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000RfSDkIAN
                  2⤵
                    PID:4552
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "2282615b-c9a9-493f-bfff-dadc1f2b3f53" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000RfSDkIAN
                    2⤵
                      PID:5548
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "e778dbfc-8fa5-4be1-9b66-09c0a4a3aeea" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000RfSDkIAN
                      2⤵
                      • Downloads MZ/PE file
                      • Drops file in System32 directory
                      • Modifies data under HKEY_USERS
                      PID:4940
                      • C:\Windows\SYSTEM32\cmd.exe
                        "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                        3⤵
                        • System Time Discovery
                        PID:5960
                        • C:\Program Files\dotnet\dotnet.exe
                          dotnet --list-runtimes
                          4⤵
                          • System Time Discovery
                          PID:3516
                      • C:\Program Files\dotnet\dotnet.exe
                        "C:\Program Files\dotnet\dotnet" --list-runtimes
                        3⤵
                        • System Time Discovery
                        PID:3652
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                        3⤵
                        • System Location Discovery: System Language Discovery
                        PID:4556
                        • C:\Windows\Temp\{52839086-124F-4DE0-A5AB-DC5147DB29FE}\.cr\8-0-11.exe
                          "C:\Windows\Temp\{52839086-124F-4DE0-A5AB-DC5147DB29FE}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=584 -burn.filehandle.self=724 /repair /quiet /norestart
                          4⤵
                          • System Location Discovery: System Language Discovery
                          • System Time Discovery
                          • Modifies data under HKEY_USERS
                          PID:5840
                          • C:\Windows\Temp\{76BA7730-3DC5-41B0-B223-2C9FB9B24355}\.be\dotnet-runtime-8.0.11-win-x64.exe
                            "C:\Windows\Temp\{76BA7730-3DC5-41B0-B223-2C9FB9B24355}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{99074AD7-9063-489F-9A5F-FCA50CE0FE9C} {DC7F2462-0A64-4A14-80F8-D77A07B6EC29} 5840
                            5⤵
                            • Adds Run key to start application
                            • System Time Discovery
                            • Modifies registry class
                            PID:4972
                      • C:\Windows\SYSTEM32\cmd.exe
                        "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                        3⤵
                        • System Time Discovery
                        PID:5304
                        • C:\Program Files\dotnet\dotnet.exe
                          dotnet --list-runtimes
                          4⤵
                          • System Time Discovery
                          PID:2388
                      • C:\Windows\SYSTEM32\cmd.exe
                        "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                        3⤵
                        • System Time Discovery
                        PID:5216
                        • C:\Program Files\dotnet\dotnet.exe
                          dotnet --list-runtimes
                          4⤵
                          • System Time Discovery
                          PID:5092
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "0638dd54-245e-452b-a860-d55b1547370e" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjUubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC41In0=" 001Q300000RfSDkIAN
                      2⤵
                      • Drops file in System32 directory
                      PID:1188
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "a9a26ce6-9fcd-49f5-8761-6fb9a79767d2" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000RfSDkIAN
                      2⤵
                        PID:1104
                        • C:\Windows\SYSTEM32\msiexec.exe
                          "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                          3⤵
                            PID:1488
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "b4b7d6a1-f770-41c7-9fd4-c801550ac793" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000RfSDkIAN
                          2⤵
                          • Drops file in System32 directory
                          PID:5640
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "6decdf63-4460-43a4-80fe-8abf6fe8e0d2" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000RfSDkIAN
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Program Files directory
                          PID:3492
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "a3b37c01-96a2-42c7-95bf-4f6dbb618d78" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000RfSDkIAN
                          2⤵
                          • Modifies registry class
                          PID:640
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "e5a5b4f6-e745-4627-9af4-fab9b09e4107" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000RfSDkIAN
                          2⤵
                          • Drops file in System32 directory
                          PID:2344
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "30520acf-333a-45cc-a1ac-d747b5177d8f" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000RfSDkIAN
                          2⤵
                          • Writes to the Master Boot Record (MBR)
                          • Modifies data under HKEY_USERS
                          PID:5976
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "1e573211-0c23-4eb9-8b73-eb62a2155337" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000RfSDkIAN
                          2⤵
                            PID:1468
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "9bc48687-0354-484f-9808-56ddb5dd333a" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000RfSDkIAN
                            2⤵
                              PID:2984
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "8a5ba2b1-99bf-4b47-8009-c02ce4f97b85" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMixcdTAwMjJDYWNoZVR0bEhvdXJzXHUwMDIyOjEyfSJ9" 001Q300000RfSDkIAN
                              2⤵
                                PID:4084
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                              1⤵
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              PID:872
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                                2⤵
                                • Drops file in System32 directory
                                • Drops file in Program Files directory
                                • Loads dropped DLL
                                • System Location Discovery: System Language Discovery
                                • Modifies data under HKEY_USERS
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4820
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                  -h
                                  3⤵
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of FindShellTrayWindow
                                  • Suspicious use of SetWindowsHookEx
                                  PID:5928
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                  3⤵
                                  • Loads dropped DLL
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4588
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                    4⤵
                                      PID:5692
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of SetWindowsHookEx
                                    PID:2212
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:3576
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                      SRUtility.exe -r
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:4608
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    • Modifies data under HKEY_USERS
                                    • Suspicious use of SetWindowsHookEx
                                    PID:5268
                                    • C:\Windows\System32\cmd.exe
                                      "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                      4⤵
                                        PID:5956
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /c ver
                                          5⤵
                                            PID:3452
                                          • C:\Windows\system32\sc.exe
                                            sc query ddmgr
                                            5⤵
                                            • Launches sc.exe
                                            PID:2644
                                          • C:\Windows\system32\sc.exe
                                            sc query lci_proxykmd
                                            5⤵
                                            • Launches sc.exe
                                            PID:2388
                                          • C:\Windows\system32\rundll32.exe
                                            rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                            5⤵
                                            • Drops file in Windows directory
                                            • Checks SCSI registry key(s)
                                            • Modifies data under HKEY_USERS
                                            PID:1648
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                    1⤵
                                    • System Time Discovery
                                    PID:3728
                                    • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                      "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      • System Time Discovery
                                      PID:2396
                                      • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                        "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /quiet /norestart /burn.log.append "C:\Windows\TEMP\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250410205118.log"
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        • System Time Discovery
                                        PID:3804
                                        • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                          "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /quiet /norestart /burn.log.append "C:\Windows\TEMP\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250410205118.log"
                                          4⤵
                                          • Checks computer location settings
                                          • System Location Discovery: System Language Discovery
                                          • System Time Discovery
                                          PID:2844
                                          • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                            "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{D76D69A7-C04E-4DEA-BD1D-3E346FAA9081} {33F48A9F-ADFA-42D2-A375-F333739CA56E} 2844
                                            5⤵
                                            • Adds Run key to start application
                                            • System Location Discovery: System Language Discovery
                                            • System Time Discovery
                                            • Modifies registry class
                                            PID:620
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                    1⤵
                                    • System Time Discovery
                                    PID:4620
                                    • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                      "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      • System Time Discovery
                                      PID:3776
                                      • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                        "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe"
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        • System Time Discovery
                                        PID:2628
                                        • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                          "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.filehandle.attached=532 -burn.filehandle.self=540
                                          4⤵
                                          • System Location Discovery: System Language Discovery
                                          • System Time Discovery
                                          PID:4340
                                  • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                    "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                    1⤵
                                    • Drops file in Program Files directory
                                    • Modifies data under HKEY_USERS
                                    PID:2912
                                    • C:\Windows\System32\sc.exe
                                      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                      2⤵
                                      • Launches sc.exe
                                      PID:628
                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "2d667d9d-d51c-4718-b89b-529eae1aa8ad" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjUubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC41In0=" 001Q300000RfSDkIAN
                                      2⤵
                                        PID:3176
                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "1f774e83-6968-44ed-85c7-358511c9bd82" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMixcdTAwMjJDYWNoZVR0bEhvdXJzXHUwMDIyOjEyfSJ9" 001Q300000RfSDkIAN
                                        2⤵
                                          PID:5248
                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "b5f75951-6206-4ffe-85fa-6fd10c8b883d" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000RfSDkIAN
                                          2⤵
                                            PID:4184
                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "07a57d18-c1c3-4ae0-8a28-5cc252d4be24" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000RfSDkIAN
                                            2⤵
                                            • Drops file in Program Files directory
                                            PID:3604
                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                              3⤵
                                              • Drops file in System32 directory
                                              • Command and Scripting Interpreter: PowerShell
                                              • Modifies data under HKEY_USERS
                                              PID:2820
                                            • C:\Windows\System32\cmd.exe
                                              "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                              3⤵
                                                PID:3392
                                                • C:\Windows\system32\cscript.exe
                                                  cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                  4⤵
                                                  • Modifies data under HKEY_USERS
                                                  PID:3532
                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "66522e00-93a2-4eb4-8ebd-d0d419546d7c" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000RfSDkIAN
                                              2⤵
                                                PID:5508
                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "bae39ce1-dc20-4ad7-8cb5-c4c0d82a3dcc" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000RfSDkIAN
                                                2⤵
                                                  PID:1376
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "9b336b5e-69b3-4879-b511-f1506f9657ae" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000RfSDkIAN
                                                  2⤵
                                                    PID:5504
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "507b12c5-62b3-48ef-8f15-1ae1f99ba86c" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000RfSDkIAN
                                                    2⤵
                                                      PID:5612
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "f17e6fa0-1fcd-413f-a243-4b510493e193" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000RfSDkIAN
                                                      2⤵
                                                      • Writes to the Master Boot Record (MBR)
                                                      • Drops file in Program Files directory
                                                      PID:5844
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "6692c3e5-8f8d-427e-9fb1-b59182dfe595" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000RfSDkIAN
                                                      2⤵
                                                        PID:4336
                                                        • C:\Windows\SYSTEM32\cmd.exe
                                                          "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                          3⤵
                                                          • System Time Discovery
                                                          PID:3148
                                                          • C:\Program Files\dotnet\dotnet.exe
                                                            dotnet --list-runtimes
                                                            4⤵
                                                            • System Time Discovery
                                                            PID:2956
                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "7028c0b7-f764-44aa-b28f-cf334f91b459" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000RfSDkIAN
                                                        2⤵
                                                          PID:4620
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "dc230178-5466-4f50-84a6-0d1e8f454a9a" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000RfSDkIAN
                                                          2⤵
                                                            PID:5668
                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=d3b717ec021d8f3f9ac0f25fd57a3317&rmm_session_pwd_ttl=86400"
                                                              3⤵
                                                              • System Location Discovery: System Language Discovery
                                                              PID:1800
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "92b773dc-e7e7-4061-92d0-618ab99044f2" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000RfSDkIAN
                                                            2⤵
                                                              PID:2824
                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "99ab3906-1f35-4d54-9ff0-da06851d0566" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000RfSDkIAN
                                                              2⤵
                                                              • Modifies registry class
                                                              PID:1232
                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a "49804b45-9e44-4f27-bb3f-ae144412e5bc" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000RfSDkIAN
                                                              2⤵
                                                                PID:4796
                                                                • C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
                                                                  "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "a9b206a9-ce96-4e65-bb7c-8acd7fd49c9a" "49804b45-9e44-4f27-bb3f-ae144412e5bc" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates" "001Q300000RfSDkIAN"
                                                                  3⤵
                                                                    PID:5424
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                                1⤵
                                                                • Drops file in Windows directory
                                                                • Checks SCSI registry key(s)
                                                                PID:5416
                                                                • C:\Windows\system32\DrvInst.exe
                                                                  DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "0000000000000138" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                                                  2⤵
                                                                  • Drops file in System32 directory
                                                                  • Drops file in Windows directory
                                                                  • Checks SCSI registry key(s)
                                                                  • Modifies data under HKEY_USERS
                                                                  PID:3612
                                                                • C:\Windows\system32\DrvInst.exe
                                                                  DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "000000000000017C" "WinSta0\Default" "0000000000000158" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                                                  2⤵
                                                                  • Drops file in System32 directory
                                                                  • Drops file in Windows directory
                                                                  • Checks SCSI registry key(s)
                                                                  • Modifies data under HKEY_USERS
                                                                  PID:1180
                                                                • C:\Windows\system32\DrvInst.exe
                                                                  DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "0000000000000138"
                                                                  2⤵
                                                                  • Drops file in Drivers directory
                                                                  • Drops file in System32 directory
                                                                  • Checks SCSI registry key(s)
                                                                  PID:3108
                                                                • C:\Windows\system32\DrvInst.exe
                                                                  DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                                                  2⤵
                                                                  • Drops file in Drivers directory
                                                                  • Drops file in Windows directory
                                                                  • Checks SCSI registry key(s)
                                                                  PID:4732

                                                              Network

                                                              MITRE ATT&CK Enterprise v16

                                                              Reconnaissance

                                                              Resource Development

                                                              Initial Access

                                                              Execution

                                                              Command and Scripting Interpreter

                                                              1
                                                              T1059

                                                              PowerShell

                                                              1
                                                              T1059.001

                                                              Persistence

                                                              Boot or Logon Autostart Execution

                                                              1
                                                              T1547

                                                              Registry Run Keys / Startup Folder

                                                              1
                                                              T1547.001

                                                              Event Triggered Execution

                                                              2
                                                              T1546

                                                              Component Object Model Hijacking

                                                              1
                                                              T1546.015

                                                              Installer Packages

                                                              1
                                                              T1546.016

                                                              Pre-OS Boot

                                                              1
                                                              T1542

                                                              Bootkit

                                                              1
                                                              T1542.003

                                                              Privilege Escalation

                                                              Boot or Logon Autostart Execution

                                                              1
                                                              T1547

                                                              Registry Run Keys / Startup Folder

                                                              1
                                                              T1547.001

                                                              Event Triggered Execution

                                                              2
                                                              T1546

                                                              Component Object Model Hijacking

                                                              1
                                                              T1546.015

                                                              Installer Packages

                                                              1
                                                              T1546.016

                                                              Defense Evasion

                                                              Modify Registry

                                                              2
                                                              T1112

                                                              Pre-OS Boot

                                                              1
                                                              T1542

                                                              Bootkit

                                                              1
                                                              T1542.003

                                                              Subvert Trust Controls

                                                              1
                                                              T1553

                                                              Install Root Certificate

                                                              1
                                                              T1553.004

                                                              System Binary Proxy Execution

                                                              1
                                                              T1218

                                                              Msiexec

                                                              1
                                                              T1218.007

                                                              Credential Access

                                                              Discovery

                                                              Peripheral Device Discovery

                                                              2
                                                              T1120

                                                              Query Registry

                                                              5
                                                              T1012

                                                              System Information Discovery

                                                              4
                                                              T1082

                                                              System Location Discovery

                                                              1
                                                              T1614

                                                              System Language Discovery

                                                              1
                                                              T1614.001

                                                              System Time Discovery

                                                              1
                                                              T1124

                                                              Lateral Movement

                                                              Collection

                                                              Command and Control

                                                              Exfiltration

                                                              Impact

                                                              Replay Monitor

                                                              Loading Replay Monitor...

                                                              Downloads

                                                              • C:\Config.Msi\e576ef7.rbs
                                                                Filesize

                                                                8KB

                                                                MD5

                                                                1abe813f19d34b0226e093d88b120e1c

                                                                SHA1

                                                                7823471a1349617fcae0b8b7b9ab81b98f321f32

                                                                SHA256

                                                                ba6330d40d07cb99dd791f7420a6628e198c48878fa6ea8b4793478aa1877061

                                                                SHA512

                                                                7db662d2b6fba812f37e96051010966190c82a3ad4585a5ce89c985baad9f0673d02c4ef26f9b0c17bcc896fdf88e0915ef1cae311c0e1dd6e205dc7133b31aa

                                                                Download Submit

                                                              • C:\Config.Msi\e576efc.rbs
                                                                Filesize

                                                                74KB

                                                                MD5

                                                                47e0c384844e687142d1ea44f0c0f763

                                                                SHA1

                                                                1904c2310491dea6178f67b1f14e867c28dc75d5

                                                                SHA256

                                                                a1eac97120ebcbfb3dd4547bf9e91a87a415c29f0962795e3cf5f78d32955462

                                                                SHA512

                                                                97fbf18d598ccdf1baa4f922401b73d5df5c8a4f093bdb27b7e7aa9e38f2bb7e59078bad2eb28e860102c27d9c93743affe2ad4bf427923f1390845dea9fe756

                                                                Download Submit

                                                              • C:\Config.Msi\e576efe.rbs
                                                                Filesize

                                                                464B

                                                                MD5

                                                                9bd7659a8e03845ef4e00b8e3ad276b8

                                                                SHA1

                                                                2f76ca25e818c1cd4c832a0e555a609c211a8ad2

                                                                SHA256

                                                                6f7fd0a43c4764a46a9604ec6760196ca59b94a95beb0866111a5758763362e8

                                                                SHA512

                                                                cc3480539cbce30483e06abeb11484df1136d0cdab511780dd1cab342caee547ef70bbef703af322498665df146c9298133355cba132aacf40f2439107c6e02f

                                                                Download Submit

                                                              • C:\Config.Msi\e576f02.rbs
                                                                Filesize

                                                                48KB

                                                                MD5

                                                                4e04e734f166dd5da54c672854adf688

                                                                SHA1

                                                                b4e6afc297c7e776fa2d618461222000f7decc26

                                                                SHA256

                                                                6240f72198ee03454b96bf89361ebfeac02f43894a77264c2d5a527cd717ca72

                                                                SHA512

                                                                745fbb7af3ef01249c7781453e9bee57796d97ee3e348cd261fa0f04a5e1900d7f93f3e8eb19e91a62ed07efd9fd63d9f31e368101f42aed5c444c4730f50cda

                                                                Download Submit

                                                              • C:\Config.Msi\e576f07.rbs
                                                                Filesize

                                                                9KB

                                                                MD5

                                                                4d95394d641350aa853b6ea30bea3b9d

                                                                SHA1

                                                                f63af485cd0d622b0efbc18a0b588297380f8d28

                                                                SHA256

                                                                8a431f1f94d7591682bb6c5556e671ee6aaa4b2c5ded114e45b7550579f2251f

                                                                SHA512

                                                                5a185c20db3ecec8814e14180b0128390881e05107deeb8a59bd2c6208672b06d282e449eb6babd1491185eb60d4bad8975584e55c24d2c8a0bbc02025dd3109

                                                                Download Submit

                                                              • C:\Config.Msi\e576f0c.rbs
                                                                Filesize

                                                                11KB

                                                                MD5

                                                                aa854da0e00514915fe8313d9941c6f7

                                                                SHA1

                                                                215f8c451c2d4124ea0a1a49b532bddc0b7887c3

                                                                SHA256

                                                                a29f6beac5e3f59c6a5ff6012a9e86a60e64520e7f9fdea6c72d1a8ed05bddf1

                                                                SHA512

                                                                bbf69b1a2e0c0f88e6123c9ae7e0e3264216b337e5a489a3def5c6ba7f06330566c6b30d3d27ae244aeaab51025a50e089912c33c92dd1c910458f1c15d1fbcb

                                                                Download Submit

                                                              • C:\Config.Msi\e576f11.rbs
                                                                Filesize

                                                                8KB

                                                                MD5

                                                                5f0456e1f7a32f86517fa9487a3009bf

                                                                SHA1

                                                                2aeb64857bb4b7e02d71b0af2356288f8c26bd37

                                                                SHA256

                                                                5b3ea27487ecd99b8f4cb3f1276278678544af7f60ed5d6ad4ea33f0ca25cad0

                                                                SHA512

                                                                7543726545e36eca27fb2843018a57f5ede7aac3a4ec7f42e44ba1567f43fa60f42c33f754cc0ad58583e852acb4cd1267f386f898356efa232b20bb1717a376

                                                                Download Submit

                                                              • C:\Config.Msi\e576f12.rbf
                                                                Filesize

                                                                143KB

                                                                MD5

                                                                33b4c87f18b4c49114d7a8980241657a

                                                                SHA1

                                                                254c67b915e45ad8584434a4af5e06ca730baa3b

                                                                SHA256

                                                                587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                                SHA512

                                                                42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                                Download Submit

                                                              • C:\Config.Msi\e576f13.rbf
                                                                Filesize

                                                                3B

                                                                MD5

                                                                21438ef4b9ad4fc266b6129a2f60de29

                                                                SHA1

                                                                5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                                SHA256

                                                                13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                                SHA512

                                                                37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                                Download Submit

                                                              • C:\Config.Msi\e576f19.rbs
                                                                Filesize

                                                                9KB

                                                                MD5

                                                                16912c54918cf0b0873b04f4f0eafd79

                                                                SHA1

                                                                d6c739fd9cebdf1d94fcda8d64d89a1e7bcad043

                                                                SHA256

                                                                46923b2d37eee573495300a686adcd68f64d6f2602a2149dd342d28ed8b7e1a4

                                                                SHA512

                                                                a16acedbc8ad3e6757b4d4db67fcb48fbad2754ea01b0a63ee8d01e7edf1eec25cbe46865162b8ee09bee497812149b77ce9276d24d2f635fb0c0f669f91c0bc

                                                                Download Submit

                                                              • C:\Config.Msi\e576f21.rbs
                                                                Filesize

                                                                8KB

                                                                MD5

                                                                6c0884ce25ef1eddc0f247b97fe1a4b4

                                                                SHA1

                                                                1baa08f0642f35cb50d206441418349b8112ac9a

                                                                SHA256

                                                                528d9c5f5d56583ef3d6bfeebe74da56fadbd1d0c1cc5d31b90f6520863eb94b

                                                                SHA512

                                                                a4c3921de16b8dcf96e28b12495b42737a83d09562e4a94b8b6ae36abd0c7e5fd819de0711e69a6d5519396991ac064141b87c7ce84027429faf97b30f653505

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                Filesize

                                                                753B

                                                                MD5

                                                                8298451e4dee214334dd2e22b8996bdc

                                                                SHA1

                                                                bc429029cc6b42c59c417773ea5df8ae54dbb971

                                                                SHA256

                                                                6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

                                                                SHA512

                                                                cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                Filesize

                                                                1KB

                                                                MD5

                                                                337079222a6f6c6edf58f3f981ff20ae

                                                                SHA1

                                                                1f705fc0faa84c69e1fe936b34783b301323e255

                                                                SHA256

                                                                ae56a6c4f6622b5485c46d9fde5d3db468c1bfb573b34c9f199007b5eedcbda5

                                                                SHA512

                                                                ae9cd225f7327da6eeea63c661b9e159d6608dff4897fb6b9651a1756d69282e8051b058a2473d9153fc87c0b54aa59b9a1a865871df693adcb267f8b0157b61

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                Filesize

                                                                142KB

                                                                MD5

                                                                477293f80461713d51a98a24023d45e8

                                                                SHA1

                                                                e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                                SHA256

                                                                a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                                SHA512

                                                                23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                                Filesize

                                                                1KB

                                                                MD5

                                                                b3bb71f9bb4de4236c26578a8fae2dcd

                                                                SHA1

                                                                1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                                SHA256

                                                                e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                                SHA512

                                                                fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                                Filesize

                                                                210KB

                                                                MD5

                                                                c106df1b5b43af3b937ace19d92b42f3

                                                                SHA1

                                                                7670fc4b6369e3fb705200050618acaa5213637f

                                                                SHA256

                                                                2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                                SHA512

                                                                616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                                Filesize

                                                                693KB

                                                                MD5

                                                                2c4d25b7fbd1adfd4471052fa482af72

                                                                SHA1

                                                                fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                                SHA256

                                                                2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                                SHA512

                                                                f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                                Filesize

                                                                146KB

                                                                MD5

                                                                8d477b63bc5a56ae15314bda8dea7a3a

                                                                SHA1

                                                                3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                                SHA256

                                                                9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                                SHA512

                                                                44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                                                Filesize

                                                                145KB

                                                                MD5

                                                                32b43563e860a1797f9b5197b2893bec

                                                                SHA1

                                                                ef8125963e9382db994629865a929d9317e07b95

                                                                SHA256

                                                                a1b45513a6946b0d7b972429feb069ea6bb27670d3c5271db02455f26c451a69

                                                                SHA512

                                                                b8e299cac3b948f4af16544b558e9644f3402f9baca4f4a72a7074176b0507b5664fd92b2095e94d687323acec761f1f1899057364103199077e67216c05e6b2

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                Filesize

                                                                145KB

                                                                MD5

                                                                2b9beb2fdbc41afc48d68d32ef41dd08

                                                                SHA1

                                                                4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                                SHA256

                                                                977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                                SHA512

                                                                3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                                Filesize

                                                                51KB

                                                                MD5

                                                                3180c705182447f4bcc7ce8e2820b25d

                                                                SHA1

                                                                ad6486557819a33d3f29b18d92b43b11707aae6e

                                                                SHA256

                                                                5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                                SHA512

                                                                228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                                Filesize

                                                                12B

                                                                MD5

                                                                eca4e75e54ad1f7399e57c18580474ab

                                                                SHA1

                                                                28fbde46981fa9643dccc45f556f4b2eee0bba54

                                                                SHA256

                                                                8e8a22eb5f91f1f8fdcfa57e849fda18ff69dbdc3e9da179302673780f597331

                                                                SHA512

                                                                d9f0ce128adcc236d4f570de6d41c2c002a455f5e73ff3144ef66590e46f5867fc144465ea4050b790b697450c66b4ee595fda4cbbadba2940e6406b99835e48

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                Filesize

                                                                248KB

                                                                MD5

                                                                51ecaf32a6076ecfa733ffa645634756

                                                                SHA1

                                                                a5b7560e810f9482290c15eedec92731ab10bb41

                                                                SHA256

                                                                b2b04d4e08c152d0f43764efc14f155e76fa1fba58475188cbd3cdc92e51f457

                                                                SHA512

                                                                83222a1b9253364190b2733409190427a01fd05c173a7a04bede45642ddf8619fc10d1067e73fd110a4d83c9da82728ad1e83d35326bb2787d8b46c27fa797a9

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                                Filesize

                                                                1021B

                                                                MD5

                                                                51a41966b950af62998eee5043f543b0

                                                                SHA1

                                                                d4ce80134834a1f10d50a6cac3ca3a3e80ff1dc2

                                                                SHA256

                                                                f1461b023e02fac832979ebf9bfa59ee7043885c90fc8ee6f8077f07a1cb7097

                                                                SHA512

                                                                9c4ba08451116f92036ce24075a641eb5973b740bb876cb8ec7229dae10308364404f175b8abd1f0d6eefa73b9123fa857bf2c3b39577d767831444f99435936

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                                Filesize

                                                                109KB

                                                                MD5

                                                                308b8f226c9731513b42fb975a39dfdb

                                                                SHA1

                                                                95aad91d1c3e97b3f9af8d955f1ee761f3714a89

                                                                SHA256

                                                                fbbd3028ed6e373ffd489f441871b3bb336280d9dbef7adf4bb358c6b195fcda

                                                                SHA512

                                                                7abd7675d5f85b2eb6321e9e18c6ee4388898c77e88086bae183d348763a1ee2efda322dfe05a478c29b9cdbada4667455f0e5e70e9bae932268b1cab811278c

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                                Filesize

                                                                693KB

                                                                MD5

                                                                8e004ca7e38e44a7ff12d0b519a6b1c2

                                                                SHA1

                                                                aba81436ea4b88c4f662029e8e105e3fa1dde139

                                                                SHA256

                                                                623918f6cb0d86fed4499655308916db984a5ff69afb90975cdb40611cf6e0c0

                                                                SHA512

                                                                b7b6621ac35fc89f50167036552bc729140d474c7e776b9757c0cfacd4203f118540d382a571055c1e8ef83ff4f4a988fd850acbce902919e87f3de0c1db4018

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                Filesize

                                                                27KB

                                                                MD5

                                                                797c9554ec56fd72ebb3f6f6bef67fb5

                                                                SHA1

                                                                40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                                SHA256

                                                                7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                                SHA512

                                                                4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                Filesize

                                                                214KB

                                                                MD5

                                                                01807774f043028ec29982a62fa75941

                                                                SHA1

                                                                afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                                SHA256

                                                                9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                                SHA512

                                                                33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                Filesize

                                                                37KB

                                                                MD5

                                                                efb4712c8713cb05eb7fe7d87a83a55a

                                                                SHA1

                                                                c94d106bba77aecf88540807da89349b50ea5ae7

                                                                SHA256

                                                                30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                                SHA512

                                                                3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                                Filesize

                                                                3.5MB

                                                                MD5

                                                                723a7f489fb1861821fee5f5de0acba0

                                                                SHA1

                                                                ad76a8ec8cd52346c575894e08c458e1adf620b7

                                                                SHA256

                                                                0b1afe081f2e2aefdcf40cada67e79e287536999e99145748aeeb4f0010730f5

                                                                SHA512

                                                                b3ea87dd52d79b73b443154b71ea44da1ce86032bb4646d2a2813218e55113b3c1b854dc638229ecda370fa49863228dea1e86b6d455457095a9de865e25b0e1

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                Filesize

                                                                396KB

                                                                MD5

                                                                b5929e2ca0e402a373b633bb78d0414a

                                                                SHA1

                                                                38146d4f3ddca1b1e854bf638b7722356e5e2195

                                                                SHA256

                                                                d7b43a4807e1841b94353656fcfd45b69f7550adf137c56aefb85104883fb821

                                                                SHA512

                                                                65e02019656d61238b8fc784496eb6ccf238a5f6eff9b101893641cb45d9c63058cf67abb2bc75007e9e2726458115eb8e9ad9a4cf34a86435ea637dc78c3ea6

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                Filesize

                                                                48KB

                                                                MD5

                                                                1eed1e8fa96721e83384f9217e4f53fd

                                                                SHA1

                                                                05f059303899a33a3f3490811a2847a0de073d75

                                                                SHA256

                                                                8d87ea9bc87d6125a521fec00012ea57d0eb8ed8a208388158784626af7d9ffb

                                                                SHA512

                                                                1eea0b5c96aa2dabbf4ceb8ba4df8f69e59b627b7f0755ddd2b3c9b09fe6479f34edec8b9b8f0d885b020d45b927350cde7e5f184464577f7faa72d9e7d9a9db

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                Filesize

                                                                303KB

                                                                MD5

                                                                3599654fec6a32f214fcd3169886703b

                                                                SHA1

                                                                523dece93e47234d1a1d4030e0f2504c3d16158b

                                                                SHA256

                                                                06cabbb9f17822cfa44ac78e33ef2d6381b12cb013e7a462586450ea7c6f26ee

                                                                SHA512

                                                                88de39813a91bbcc50ab7c0602585a943a6dbdca2c5418bf758c3f21791c0c1307c9dffda5b508d00dbb4cf76090fd5166311d26ada798f40a60cf3f3cf31fa8

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                Filesize

                                                                53KB

                                                                MD5

                                                                8c105c1fdaac154d727df0ed34bca083

                                                                SHA1

                                                                3525fc304f7464876ec0bac3305d604e8a2340c9

                                                                SHA256

                                                                dd4b31b650621c6ee76bc65ef7d4a56901fc4d6629816e64c3fbe2539ea6d4e2

                                                                SHA512

                                                                47793671c67625a5595c09f87bcb592e403f9103a410a62d1e8d37b5d38ced47fb8efecb9fb7d55e5b41834923907af91aa8fbe884aecd73a888cfa7170fc9f4

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                                Filesize

                                                                333KB

                                                                MD5

                                                                745714d838c4d4f88c6e0db6a434f444

                                                                SHA1

                                                                90689ce709bf2464b678c7afa7b1e18f080d52bb

                                                                SHA256

                                                                e35302995dad1d5e4b7147d8763f7262500271cf01eac8edfa896b392ac7139f

                                                                SHA512

                                                                08cbfac0b604530108978c757ad8481c69ed62deac5520777bacee9751f3f260d2c3158609fd723819d8d6626c46b302fe7da7005efc09ab571871ac9d58a0ed

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                Filesize

                                                                70KB

                                                                MD5

                                                                e9b3a59f67febdd7f8fbe68d71c5d0ab

                                                                SHA1

                                                                22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                                                SHA256

                                                                bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                                                SHA512

                                                                00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                Filesize

                                                                50KB

                                                                MD5

                                                                5bb0687e2384644ea48f688d7e75377b

                                                                SHA1

                                                                44e4651a52517570894cfec764ec790263b88c4a

                                                                SHA256

                                                                963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                                SHA512

                                                                260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                Filesize

                                                                32KB

                                                                MD5

                                                                0308f32676d9211746048594a5bcb7c3

                                                                SHA1

                                                                5caf000789ba28a18de93a6ce536a352414fd871

                                                                SHA256

                                                                0c64ec6ff34865a8d2fc0e267ead43c8f70a6dc36ab476af6748797995f4bc43

                                                                SHA512

                                                                980248cf713fd9721f2a41aed19a227ad76c2bcbac928df70129b4e4441c62a00b5df5cda0a583cffd365424ea6a7625ded6132f89ed70aa61c851b90b2487d2

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                Filesize

                                                                60KB

                                                                MD5

                                                                99c72ae773f0e16818bc628e6c30272a

                                                                SHA1

                                                                901b18faa2eeb35946746bcf80a3ed7a67f6daab

                                                                SHA256

                                                                9159d0f626aebaca406d0ff9abfe19d6153f3d6eefbc1f831a48c17f4aea7a81

                                                                SHA512

                                                                f05b5884ab3f8b2c0960c2ccbb982555948d293fd37bd29df1157d40c138f1eed6fc94ac5a7d7a4fd098755e9d242d4da992d073ddffcc8f0c543e538b322633

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                                Filesize

                                                                588KB

                                                                MD5

                                                                17d74c03b6bcbcd88b46fcc58fc79a0d

                                                                SHA1

                                                                bc0316e11c119806907c058d62513eb8ce32288c

                                                                SHA256

                                                                13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                                SHA512

                                                                f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                                Filesize

                                                                219B

                                                                MD5

                                                                f3cd10114e463617513f6705b4712157

                                                                SHA1

                                                                899bf1dc2f119b6d0c6a6de6faf63698a4a74962

                                                                SHA256

                                                                b4bf8283e1549fc075e53508a362b0604d45088279d89bd1f094be46fadd09fd

                                                                SHA512

                                                                9526dffe52e2f6566701c3b4496fcf43c41fed5de21556ad92c142309d5bac7f31311526e7546f9e016ecf46e873bcd5d4fc803450905e1c59957de34e42d967

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                                Filesize

                                                                256B

                                                                MD5

                                                                84c1241f78a70574e9ed25f7b96abb56

                                                                SHA1

                                                                e83988f7cc6f69b3d858df0dc9918ee9416251c2

                                                                SHA256

                                                                2a7cf524f6459e20ed31349eb458e095e932011404a640d1133b28a1585e29c1

                                                                SHA512

                                                                1e10c7fec3df0e830d696524b60d409f3d0c2c47c5a679ecfafde19b18fd231e0138f0d99c1ec52e95cafbb9088048c1e42c4ec14781b57c113c7aa0db0b28d7

                                                                Download Submit

                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                                Filesize

                                                                9KB

                                                                MD5

                                                                1ef7574bc4d8b6034935d99ad884f15b

                                                                SHA1

                                                                110709ab33f893737f4b0567f9495ac60c37667c

                                                                SHA256

                                                                0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                                SHA512

                                                                947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                                Download Submit

                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                                Filesize

                                                                10KB

                                                                MD5

                                                                f512536173e386121b3ebd22aac41a4e

                                                                SHA1

                                                                74ae133215345beaebb7a95f969f34a40dda922a

                                                                SHA256

                                                                a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                                SHA512

                                                                1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                                Download Submit

                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                                Filesize

                                                                76KB

                                                                MD5

                                                                b40fe65431b18a52e6452279b88954af

                                                                SHA1

                                                                c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                                SHA256

                                                                800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                                SHA512

                                                                e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                                Download Submit

                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                                Filesize

                                                                80KB

                                                                MD5

                                                                3904d0698962e09da946046020cbcb17

                                                                SHA1

                                                                edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                                SHA256

                                                                a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                                SHA512

                                                                c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                Filesize

                                                                717B

                                                                MD5

                                                                ef0a07aec4367a64c16c581da2657aa9

                                                                SHA1

                                                                13011a5abcbadb3424fb6ecee560665556bb1d24

                                                                SHA256

                                                                f8c02541eba2fde1b29b3ce428cbb0f1913110d4bba9b52f7252f728e9fce987

                                                                SHA512

                                                                35cfaedb4e5f754dde69f4cef508bbd6127408c405baa5ee2e20104f9aaa1ff2a228f0bfa42d51dcd1006e026ce238bd7042906e449ca78ef91e4d00b08c5c46

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                                Filesize

                                                                7KB

                                                                MD5

                                                                362ce475f5d1e84641bad999c16727a0

                                                                SHA1

                                                                6b613c73acb58d259c6379bd820cca6f785cc812

                                                                SHA256

                                                                1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                                SHA512

                                                                7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
                                                                Filesize

                                                                1.3MB

                                                                MD5

                                                                40df7f2a02cdfa70ae76d70d21473428

                                                                SHA1

                                                                4baddbc082fdb197c77bc1c232be2881a82a7ec8

                                                                SHA256

                                                                f037309cf6b0174ba282106da31c141e3912486c69c438a53afe7ff589743dc2

                                                                SHA512

                                                                2522483e9d1b9fc20f14ffab3dcb2a9e5735a260e08e7196a05319076ad9b4d7a9fe94b28c52559022f003d2fe55ec5e4abcecb1b11f4000e804dae5b1c0126f

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.runtimeconfig.json
                                                                Filesize

                                                                375B

                                                                MD5

                                                                e8d9109bd15637b1fbf349f9c7ff776f

                                                                SHA1

                                                                19762daa20afc8085ba6417a7215f1fe2d619f60

                                                                SHA256

                                                                c4a84cdd787cb31aaa46e8282f7d288f0641fdaa4252ac78979340131c8b9110

                                                                SHA512

                                                                5cc792c0cdf32c4c893eebc6651aabed7428d2f467b58d3b58ad21dfce9dd4ee0924257b4699297f6d41069f27829ce8b8a711642f3208981761b48382d68b74

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software.zip
                                                                Filesize

                                                                1.6MB

                                                                MD5

                                                                0e716ebf03f2937d544ecd16508a2606

                                                                SHA1

                                                                13ea3144117ed76c3347d9e29cb4398c329c79d4

                                                                SHA256

                                                                57603d1a9b47fb699a5ec6747eaad408fff65f35bee665bdccff9d09334bd608

                                                                SHA512

                                                                4680687f19fa46d089b5c80c6b83d6822eb70a27ec9586a9d602ac14afda6a918b02adbc3567205378c0fea59715119acb5a32ea16366ebf48382553496ba763

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                                Filesize

                                                                1.8MB

                                                                MD5

                                                                5ed9543e9f5826ead203316ef0a8863d

                                                                SHA1

                                                                8235c0e7568ec42d6851c198adc76f006883eb4b

                                                                SHA256

                                                                33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                                SHA512

                                                                5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                                Filesize

                                                                1.1MB

                                                                MD5

                                                                9a9b1fd85b5f1dcd568a521399a0d057

                                                                SHA1

                                                                34ed149b290a3a94260d889ba50cb286f1795fa6

                                                                SHA256

                                                                88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                                SHA512

                                                                7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                                Filesize

                                                                673KB

                                                                MD5

                                                                4273b6b6cf5856ffbed8ccbb31328892

                                                                SHA1

                                                                cbd8196a984b7da22ec10f4c1b3c835a384a395e

                                                                SHA256

                                                                f8853371616211c2eb21b999dbd4907c005183b34f67f06f3b4acfbf75093df6

                                                                SHA512

                                                                ae11669a9c28d820a7779713fb071a7c07fdbc2199312ea7ad6d61bc3b37e11be8fca720796d982a5eccc1b273a53fd37b9590e118d6101a71f01f3eada358d5

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                                Filesize

                                                                321KB

                                                                MD5

                                                                d3901e62166e9c42864fe3062cb4d8d5

                                                                SHA1

                                                                c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                                SHA256

                                                                dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                                SHA512

                                                                ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                                Filesize

                                                                814KB

                                                                MD5

                                                                9b1f97a41bfb95f148868b49460d9d04

                                                                SHA1

                                                                768031d5e877e347a249dfdeab7c725df941324b

                                                                SHA256

                                                                09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                                SHA512

                                                                9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                                Filesize

                                                                1.2MB

                                                                MD5

                                                                e74d2a16da1ddb7f9c54f72b8a25897c

                                                                SHA1

                                                                32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                                SHA256

                                                                a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                                SHA512

                                                                52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
                                                                Filesize

                                                                12B

                                                                MD5

                                                                b2d5d511002960697118598e9233b21d

                                                                SHA1

                                                                9f0c9252594d590e47027d9fb6afc34abbd3d6f1

                                                                SHA256

                                                                a7a70e5be36672e698230c01904255958bf3e5d81bb5655ffc8dc9221b6134be

                                                                SHA512

                                                                d773d1c77c59c51270ec4f1357ae227e81ca599a98798001ad2c587f1b54877501128a9895ebdc47a5d0a0372a2804ecdc9fb9b47f1ea53607c54eb74a4a7dd7

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                Filesize

                                                                48KB

                                                                MD5

                                                                b4a865268d5aca5f93bab91d7d83c800

                                                                SHA1

                                                                95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                                SHA256

                                                                5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                                SHA512

                                                                c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                Filesize

                                                                48KB

                                                                MD5

                                                                f6162e1abeb65491e35e42d161689df3

                                                                SHA1

                                                                b6251100f6f5585db96e463c014b86403fa46f91

                                                                SHA256

                                                                3788a381113cf41f83343328c1cd75356ab959029db329fee7fab2353375a1a1

                                                                SHA512

                                                                8876bc8bbe33ae95d29c2ebe3f1c259496cd3276d16808254d4e39c4b14830dbe3e87ab0c779114e2d8b3d9a90b6642cb1fc1ad497548277565f0f549cec4b24

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                Filesize

                                                                48KB

                                                                MD5

                                                                c2b40d6a3fb9dca80aea295cfdb7dc75

                                                                SHA1

                                                                28c7df75ef312b2d61f23af2428584e1d7df042c

                                                                SHA256

                                                                c80ed54f98655edecfd0188554a89692451324866985c691f7fddfe0854eaee5

                                                                SHA512

                                                                16af80a6ff123e5f1cd8e8b91eadac570003e950f8c26cc259e2569de0e6418e2f4b688a3e0fbe214b6f5319cc9ab4f4377b02be8baa7c666a86e7d114b522f5

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                                Filesize

                                                                2.8MB

                                                                MD5

                                                                a5b275a4daa8669700b6e9ce1e2c41d8

                                                                SHA1

                                                                85a982c682d19623010e9d595dbde72fba738161

                                                                SHA256

                                                                cf789fc90c44cb5064de670816131a12cd855c65a735da0f0210e2ca62697e4c

                                                                SHA512

                                                                e18d194855e459a7f7c06a0d2d2f205084f4f5d410b2b8c09db194198a959519b22c892fd712ed2ee3437c4a90f4e76a5c3c48e8f775c612c48981e8c0cdf1e8

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                                Filesize

                                                                1.1MB

                                                                MD5

                                                                bccad70b35abf4bdd51d2cabe9e2a114

                                                                SHA1

                                                                2d255cb7170b6b592b4849fb9f00b0add0a99c48

                                                                SHA256

                                                                6d25105508b5e94af634d97f1751b9926adcbc5ad86f3bc2d79d26c4712d1c06

                                                                SHA512

                                                                394de4ffe8a9fcf9e4ca6038b3579dc04a6f1c15e8cb3428b10540726aaf563073a893efb14dba1d109af15994a0bf1370a0cd53de5a8c759ee123ed362e0b29

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                                Filesize

                                                                541B

                                                                MD5

                                                                d0efb0a6d260dbe5d8c91d94b77d7acd

                                                                SHA1

                                                                e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                                SHA256

                                                                7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                                SHA512

                                                                a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                                Filesize

                                                                12B

                                                                MD5

                                                                880d31390a25de6a9cd34463b46c75e6

                                                                SHA1

                                                                837af65938c9606b5de3c6f2195fc3e855554cd7

                                                                SHA256

                                                                425adf50cf113d68bd6aa8dc1015db43422bbc1c977933d5f8c1ecaabf18eb2e

                                                                SHA512

                                                                8e9dd066ff73625a5a55d1ece5ba1e4fb248ab14a32880a3d4d86266176cb4f1c61f8301e1ff49839c283affe877b9fbcd3bc2b9763c08b0b63ba56023c2282b

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                                Filesize

                                                                670KB

                                                                MD5

                                                                96e50bbca30d75af7b8b40acf8dda817

                                                                SHA1

                                                                4b1255280dff8de8b7be47def58f83f6ec39ded6

                                                                SHA256

                                                                a3ad00ccb61bc87d58eb7977f68130b78a0b95e74d61e6a4624ac114ccde5736

                                                                SHA512

                                                                0034c08cb878b703f272e3fd2734bb928ff1bdba85cf79a151519b019c83bd4d199c80af0aa30db28ef82f7ee68a9d59dcaede92f83bfe8787f6a5d4d5e9817c

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                                Filesize

                                                                3.1MB

                                                                MD5

                                                                9c8eb5e114c1446f78f1312256ab61e4

                                                                SHA1

                                                                6b820d9158359687e52878d72b6121b295ad6ffd

                                                                SHA256

                                                                3f5eef6b6777c84ebd4d957bf7c0ab096614554453339327286f7535dcc480f5

                                                                SHA512

                                                                2f8c831a7e75ce92fdbe005cd5bd7213850a4f8937ded0712210c69b8e1748732a6222ba5ec26ce9c2ee73b2a3b6e391551bf09b3db2914be5c7096ae7565c9c

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
                                                                Filesize

                                                                571KB

                                                                MD5

                                                                dec72136e998b6a5b71eefa2b6e8d68b

                                                                SHA1

                                                                a2cdaf23bb441e493fceb7d380730008da5593ee

                                                                SHA256

                                                                106fa7ff5a149f345af041964b7339814b08bf3a26fa922908b94bc806f53662

                                                                SHA512

                                                                b99fa42bf18436d26071f48dd921145fbd8a54f5c62f01204bfb454ccd56aa336fe5147502deea7200b5fbdadbf774af2f0171374de964c8ed5877a30a37b3fc

                                                                Download Submit

                                                              • C:\Program Files\dotnet\dotnet.exe
                                                                Filesize

                                                                143KB

                                                                MD5

                                                                71026b098f8fb39c88b003df746d9fa0

                                                                SHA1

                                                                013ca259f551ad6f33db53fff0e121e74408e20e

                                                                SHA256

                                                                11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                                SHA512

                                                                9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                                Download Submit

                                                              • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\53bc0cb99c22ae1e3dd61c2aa47819da
                                                                Filesize

                                                                16KB

                                                                MD5

                                                                b2e89027a140a89b6e3eb4e504e93d96

                                                                SHA1

                                                                f3b1b34874b73ae3032decb97ef96a53a654228f

                                                                SHA256

                                                                5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                                SHA512

                                                                93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                                Filesize

                                                                727B

                                                                MD5

                                                                f70c78af15f64b6bbe31a21c45d24d03

                                                                SHA1

                                                                176400de9b70caf7b0522c5ed0c28cfa6124e026

                                                                SHA256

                                                                88aecc13f1b8440fbd6a6d2e60dfc59835dbb7178bf18cbb9659e1fcf8c77d2f

                                                                SHA512

                                                                eba6ffdcde3f943386b0ff47ab055d8526f3baf4edb499b067184beca131a60b40ffd0f197a426bc0aa20536a11b78aea347b552f4f4d9c8c99e9f6836aee414

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                                Filesize

                                                                412B

                                                                MD5

                                                                73565fed70e4334bee3a65712610bdeb

                                                                SHA1

                                                                2426a0d1c979f32d914c49723ba612a38735ebd3

                                                                SHA256

                                                                d77bda568de08b423113672936b970c225132e6fe7dab15e5ea1a81bad264f92

                                                                SHA512

                                                                1682a3e8ca846916d25a68af51bcfc8ee9cd1c7e6146a34f961502935da47e3effe4e86f8b2e61fe5c9685e8c86dcdcc0c4df7605d65eb66815230fa1cbf3fa0

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                                Filesize

                                                                651B

                                                                MD5

                                                                9bbfe11735bac43a2ed1be18d0655fe2

                                                                SHA1

                                                                61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                                SHA256

                                                                549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                                SHA512

                                                                a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                                Download Submit

                                                              • C:\Windows\Installer\MSI4F97.tmp
                                                                Filesize

                                                                219KB

                                                                MD5

                                                                928f4b0fc68501395f93ad524a36148c

                                                                SHA1

                                                                084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                                SHA256

                                                                2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                                SHA512

                                                                7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                                Download Submit

                                                              • C:\Windows\Installer\MSI6F63.tmp
                                                                Filesize

                                                                509KB

                                                                MD5

                                                                88d29734f37bdcffd202eafcdd082f9d

                                                                SHA1

                                                                823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                                SHA256

                                                                87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                                SHA512

                                                                1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                                Download Submit

                                                              • C:\Windows\Installer\MSI6F63.tmp-\AlphaControlAgentInstallation.dll
                                                                Filesize

                                                                25KB

                                                                MD5

                                                                aa1b9c5c685173fad2dabebeb3171f01

                                                                SHA1

                                                                ed756b1760e563ce888276ff248c734b7dd851fb

                                                                SHA256

                                                                e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                                SHA512

                                                                d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                                Download Submit

                                                              • C:\Windows\Installer\MSI6F63.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                                Filesize

                                                                179KB

                                                                MD5

                                                                1a5caea6734fdd07caa514c3f3fb75da

                                                                SHA1

                                                                f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                                SHA256

                                                                cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                                SHA512

                                                                a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                                Download Submit

                                                              • C:\Windows\Installer\MSI71B6.tmp-\CustomAction.config
                                                                Filesize

                                                                1KB

                                                                MD5

                                                                bc17e956cde8dd5425f2b2a68ed919f8

                                                                SHA1

                                                                5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                                SHA256

                                                                e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                                SHA512

                                                                02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                                Download Submit

                                                              • C:\Windows\Installer\MSI71B6.tmp-\Newtonsoft.Json.dll
                                                                Filesize

                                                                695KB

                                                                MD5

                                                                715a1fbee4665e99e859eda667fe8034

                                                                SHA1

                                                                e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                                SHA256

                                                                c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                                SHA512

                                                                bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                                Download Submit

                                                              • C:\Windows\Installer\MSI792B.tmp
                                                                Filesize

                                                                211KB

                                                                MD5

                                                                a3ae5d86ecf38db9427359ea37a5f646

                                                                SHA1

                                                                eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                                SHA256

                                                                c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                                SHA512

                                                                96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                                Download Submit

                                                              • C:\Windows\Installer\MSI7FC9.tmp-\System.Management.dll
                                                                Filesize

                                                                60KB

                                                                MD5

                                                                878e361c41c05c0519bfc72c7d6e141c

                                                                SHA1

                                                                432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                                SHA256

                                                                24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                                SHA512

                                                                59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                                Download Submit

                                                              • C:\Windows\Installer\MSID88C.tmp
                                                                Filesize

                                                                4.5MB

                                                                MD5

                                                                08211c29e0d617a579ffa2c41bde1317

                                                                SHA1

                                                                4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                                SHA256

                                                                3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                                SHA512

                                                                d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                                Download Submit

                                                              • C:\Windows\Installer\e576ef6.msi
                                                                Filesize

                                                                2.9MB

                                                                MD5

                                                                4166a7fc9a5726e2a468dc7e053b2a24

                                                                SHA1

                                                                fa2e7de96f5f4cafdc95767c4e8adee460d0399e

                                                                SHA256

                                                                f2cf1589f2c34fb845c7514db1a07ade8e5f5b786e690f795507fdedc871fd3c

                                                                SHA512

                                                                b5676a7e71ea5764946c436ee2816345dbd263f90ffb00a2b69558a1c1419324f6ef6d6a5f5a0d3de492a491725d9d1e9ad21af0302a12fe8c9220c8f0665b69

                                                                Download Submit

                                                              • C:\Windows\Installer\e576f03.msi
                                                                Filesize

                                                                26.3MB

                                                                MD5

                                                                b9c6d23462adef092b8a5b7880531b03

                                                                SHA1

                                                                9e8c4f7f48d38fb54a93789a583852869c074f2d

                                                                SHA256

                                                                2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                                                SHA512

                                                                18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                                                Download Submit

                                                              • C:\Windows\Installer\e576f04.msi
                                                                Filesize

                                                                772KB

                                                                MD5

                                                                d73de5788ab129f16afdd990d8e6bfa9

                                                                SHA1

                                                                88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                                SHA256

                                                                4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                                SHA512

                                                                bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{63cb23da-bd64-9b43-a849-1f43652557db}\lci_iddcx.cat
                                                                Filesize

                                                                10KB

                                                                MD5

                                                                62458e58313475c9a3642a392363e359

                                                                SHA1

                                                                e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                                SHA256

                                                                85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                                SHA512

                                                                49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{63cb23da-bd64-9b43-a849-1f43652557db}\lci_iddcx.inf
                                                                Filesize

                                                                4KB

                                                                MD5

                                                                1cec22ca85e1b5a8615774fca59a420b

                                                                SHA1

                                                                049a651751ef38321a1088af6a47c4380f9293fc

                                                                SHA256

                                                                60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                                SHA512

                                                                0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{63cb23da-bd64-9b43-a849-1f43652557db}\x64\lci_iddcx.dll
                                                                Filesize

                                                                52KB

                                                                MD5

                                                                01e8bc64139d6b74467330b11331858d

                                                                SHA1

                                                                b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                                SHA256

                                                                148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                                SHA512

                                                                4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{a640a265-6ff0-784b-93df-58c72fb1ac5f}\lci_proxywddm.cat
                                                                Filesize

                                                                12KB

                                                                MD5

                                                                8e16d54f986dbe98812fd5ec04d434e8

                                                                SHA1

                                                                8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                                SHA256

                                                                7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                                SHA512

                                                                e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{a640a265-6ff0-784b-93df-58c72fb1ac5f}\lci_proxywddm.inf
                                                                Filesize

                                                                2KB

                                                                MD5

                                                                0315a579f5afe989154cb7c6a6376b05

                                                                SHA1

                                                                e352ff670358cf71e0194918dfe47981e9ccbb88

                                                                SHA256

                                                                d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                                SHA512

                                                                c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{a640a265-6ff0-784b-93df-58c72fb1ac5f}\x64\lci_proxyumd.dll
                                                                Filesize

                                                                179KB

                                                                MD5

                                                                4dc11547a5fc28ca8f6965fa21573481

                                                                SHA1

                                                                d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                                SHA256

                                                                e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                                SHA512

                                                                bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{a640a265-6ff0-784b-93df-58c72fb1ac5f}\x64\lci_proxyumd32.dll
                                                                Filesize

                                                                135KB

                                                                MD5

                                                                67ae7b2c36c9c70086b9d41b4515b0a8

                                                                SHA1

                                                                ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                                SHA256

                                                                79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                                SHA512

                                                                4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{a640a265-6ff0-784b-93df-58c72fb1ac5f}\x64\lci_proxywddm.sys
                                                                Filesize

                                                                119KB

                                                                MD5

                                                                b9b0e9b4d93b18b99ece31a819d71d00

                                                                SHA1

                                                                2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                                SHA256

                                                                0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                                SHA512

                                                                465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                                Download Submit

                                                              • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-20-50-48.dat
                                                                Filesize

                                                                602B

                                                                MD5

                                                                ccc8ab9d983d7202288ea626a21c3003

                                                                SHA1

                                                                8ab5cadad6f85a2efcc953befe2f1cf5b7b644a4

                                                                SHA256

                                                                b22f3bfb161738a794f4219cc91b29d5625458c77df238a824d6b8feb76cbfb0

                                                                SHA512

                                                                a02045d31740541556b35ec5c12a2130aff77844ec5e7b64e03cc260d9a8b6c9fce387f9987b619e4ae5238dd3dfd9085da36ed0d451c7a595c500f993a31700

                                                                Download Submit

                                                              • C:\Windows\Temp\InstallUtil.log
                                                                Filesize

                                                                4KB

                                                                MD5

                                                                baec22cf54df8c2f960cb975271e778c

                                                                SHA1

                                                                36de8f690b4a59ab7059dc352100cd23233565cb

                                                                SHA256

                                                                83e8782b992bc57c361d1f43ef80fee0aa2b7362420538f64e4e0dee8da5174e

                                                                SHA512

                                                                8ce42c227aec6187e6e9a70b6e4b30ec2266d632afe3b721153f8bc8283fff4baa01411c938b5c3ebd29b9b8e32c88d805250dc5565d05bbb28d65836237274e

                                                                Download Submit

                                                              • C:\Windows\Temp\InstallUtil.log
                                                                Filesize

                                                                708B

                                                                MD5

                                                                fbed015fe94abf49de72903690283d17

                                                                SHA1

                                                                3c606ce1ceb0022d09c6fdf630db42ae310250bd

                                                                SHA256

                                                                7d5a5ce0707a0e969ec863f0285b321c7109b520844683bbbe41af9154a0c265

                                                                SHA512

                                                                d10638f541400fffda2de5b20f2d9f71f8796bd8d4566bbab3925b62abc0995731c978a7a64d97dd2c5c79327837a51891a142efe4ed1cbe7a4cb68e1c9d5947

                                                                Download Submit

                                                              • C:\Windows\Temp\PreVer.log
                                                                Filesize

                                                                2KB

                                                                MD5

                                                                72e962b98bee0203dba3ad7a5802433c

                                                                SHA1

                                                                b7b7c80ab8e69f21fed87546f19817324b7edfd8

                                                                SHA256

                                                                4f3101cf58162d4371c2988d45d8ab6c9f7a696cd4da56179d2123c805a9d8bd

                                                                SHA512

                                                                f346920336c0da4ed570f013a10ae50cf71954d2282fcd48afcc5cfb852164e917e5541746f4a7960784fd3dad32185ab4aa6bd677b4c1247bad14a7ce1fc062

                                                                Download Submit

                                                              • C:\Windows\Temp\__PSScriptPolicyTest_1jlmokol.2aw.ps1
                                                                Filesize

                                                                60B

                                                                MD5

                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                SHA1

                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                SHA256

                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                SHA512

                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                Download Submit

                                                              • C:\Windows\Temp\unpack.log
                                                                Filesize

                                                                2KB

                                                                MD5

                                                                8c8f0d411f7affe02920ec8781385549

                                                                SHA1

                                                                39ffafff1662257fffaed999ab6f33463455dc5d

                                                                SHA256

                                                                a46eeac9f62bd96e4418a853c964248cb10a993416c092b287e8c1e8876c7e38

                                                                SHA512

                                                                3838ea3ec325fb5ccd7132f8252f6ddc9a9aa6aec833860b2ee93a95a8a8ff1124044c08d28126cc1f5fad9374125b10a18e8c51adc2b0b8aac9cd62d4549217

                                                                Download Submit

                                                              • C:\Windows\Temp\unpack.log
                                                                Filesize

                                                                4KB

                                                                MD5

                                                                6402dd0cd5ea5760eebb118d22710a6f

                                                                SHA1

                                                                8b58e7e7341e9b83a17476ca5971ba1485c945c6

                                                                SHA256

                                                                9c20308f70637ff9d26d73c202ec4c8c53b9bb46ce93c624f3d5165b4f0eb52b

                                                                SHA512

                                                                aa1d59b12d7cf7fc08d6f7ce16dd7db5c6efcd622c3db592b1887c01584012f85b83065de36d72e64e6252b0e9c91dedfc0003a2290e5b90b00128907104e20f

                                                                Download Submit

                                                              • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                Filesize

                                                                3.2MB

                                                                MD5

                                                                2c18826adf72365827f780b2a1d5ea75

                                                                SHA1

                                                                a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                                SHA256

                                                                ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                                SHA512

                                                                474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                                Download Submit

                                                              • C:\Windows\Temp\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\IsConfig.ini
                                                                Filesize

                                                                571B

                                                                MD5

                                                                d239b8964e37974225ad69d78a0a8275

                                                                SHA1

                                                                cf208e98a6f11d1807cd84ca61504ad783471679

                                                                SHA256

                                                                0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                                SHA512

                                                                88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                                Download Submit

                                                              • C:\Windows\Temp\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\String1033.txt
                                                                Filesize

                                                                182KB

                                                                MD5

                                                                99bbffd900115fe8672c73fb1a48a604

                                                                SHA1

                                                                8f587395fa6b954affef337c70781ce00913950e

                                                                SHA256

                                                                57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                                SHA512

                                                                d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                                Download Submit

                                                              • C:\Windows\Temp\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\_isCBAD.exe
                                                                Filesize

                                                                179KB

                                                                MD5

                                                                7a1c100df8065815dc34c05abc0c13de

                                                                SHA1

                                                                3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                                SHA256

                                                                e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                                SHA512

                                                                bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                                Download Submit

                                                              • C:\Windows\Temp\{2E622935-99D9-4D09-AAB8-32113DCE90F6}\setup.inx
                                                                Filesize

                                                                345KB

                                                                MD5

                                                                0376dd5b7e37985ea50e693dc212094c

                                                                SHA1

                                                                02859394164c33924907b85ab0aaddc628c31bf1

                                                                SHA256

                                                                c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                                SHA512

                                                                69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                                Download Submit

                                                              • C:\Windows\Temp\{4B4AB557-FA08-483D-A8EF-FEB348D11A53}\.ba\BootstrapperApplicationData.xml
                                                                Filesize

                                                                6KB

                                                                MD5

                                                                4487aea1acc637f079c0b95cc52556ce

                                                                SHA1

                                                                dc4dcc5bd9824e212ab4439632f8d79e5bfcb34f

                                                                SHA256

                                                                062c872144b676d3557be20f17acaf98eb0015b135576f3b30a966bc9e0df4ff

                                                                SHA512

                                                                8f8915bbc50e14df1969b3e20df22dc968847e0a15aa6a85b7f1d6dbb2f3fbc87c1018d0605292d64d4d3405d74ea6e904bcea04ec060f3589443005ec997311

                                                                Download Submit

                                                              • C:\Windows\Temp\{4B4AB557-FA08-483D-A8EF-FEB348D11A53}\.ba\thm.xml
                                                                Filesize

                                                                11KB

                                                                MD5

                                                                03cf60952e7b59460fd22807e8cb28e1

                                                                SHA1

                                                                5f4454019c5f33059ae53522ffb534eef815a5f5

                                                                SHA256

                                                                af7c42ac777b45751763bceaf8604fa5b842b096da4d1370158a1c3422713555

                                                                SHA512

                                                                bfb3c642759522cd4fd8c784909e97c38e6c44cced11d70167d0e243d8da12555a94aa2cd9978745849fa5233a1915485d3e1cb011d985c92a115e44a11b7140

                                                                Download Submit

                                                              • C:\Windows\Temp\{514F1402-2909-4B0F-B696-3CFBC2CE06BE}\.ba\1033\thm.wxl
                                                                Filesize

                                                                5KB

                                                                MD5

                                                                34d0c531eed48550be3d877290ad2553

                                                                SHA1

                                                                7983955032f9e7d2ee72cabc644a14c892a92289

                                                                SHA256

                                                                0d2abde2e4974cc8b7231f017975180d67592ee6d3418cd6dc52e2bc4bf03e50

                                                                SHA512

                                                                0c9d916ac420c6a27e723d8bab2db80372cc6303c79a6e1c3b2bd462711b711f2cc45fae43ceb2ce603708c884b0ec6bb7217981ef2a03e0fc3e6c6916716e7a

                                                                Download Submit

                                                              • C:\Windows\Temp\{514F1402-2909-4B0F-B696-3CFBC2CE06BE}\.ba\wixstdba.dll
                                                                Filesize

                                                                190KB

                                                                MD5

                                                                f1919c6bd85d7a78a70c228a5b227fbe

                                                                SHA1

                                                                71647ebf4e7bed3bc1663d520419ac550fe630ff

                                                                SHA256

                                                                dcea15f3710822ffc262e62ec04cc7bbbf0f33f5d1a853609fbfb65cb6a45640

                                                                SHA512

                                                                c7ff9b19c9bf320454a240c6abbc382950176a6befce05ea73150eeb0085d0b6ed5b65b2dcb4b04621ef9cca1d5c4e59c6682b9c85d1d5845e5ce3e5eedfd2eb

                                                                Download Submit

                                                              • C:\Windows\Temp\{76BA7730-3DC5-41B0-B223-2C9FB9B24355}\.ba\bg.png
                                                                Filesize

                                                                4KB

                                                                MD5

                                                                9eb0320dfbf2bd541e6a55c01ddc9f20

                                                                SHA1

                                                                eb282a66d29594346531b1ff886d455e1dcd6d99

                                                                SHA256

                                                                9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                                SHA512

                                                                9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                                Download Submit

                                                              • C:\Windows\Temp\{76BA7730-3DC5-41B0-B223-2C9FB9B24355}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                                Filesize

                                                                607KB

                                                                MD5

                                                                669de3ab32955e69decfe13a3c89891e

                                                                SHA1

                                                                ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                                SHA256

                                                                2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                                SHA512

                                                                be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                                Download Submit

                                                              • C:\Windows\Temp\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\ISRT.dll
                                                                Filesize

                                                                427KB

                                                                MD5

                                                                85315ad538fa5af8162f1cd2fce1c99d

                                                                SHA1

                                                                31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                                SHA256

                                                                70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                                SHA512

                                                                877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                                Download Submit

                                                              • C:\Windows\Temp\{C1C3DED6-860A-463E-B03A-515F8E74AF04}\_isres_0x0409.dll
                                                                Filesize

                                                                1.8MB

                                                                MD5

                                                                befe2ef369d12f83c72c5f2f7069dd87

                                                                SHA1

                                                                b89c7f6da1241ed98015dc347e70322832bcbe50

                                                                SHA256

                                                                9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                                SHA512

                                                                760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                                Download Submit

                                                              • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                Filesize

                                                                727B

                                                                MD5

                                                                a7cd85326cc2e0bd3105bb674fe0c990

                                                                SHA1

                                                                55a3ce73b7d79d131b8c14dde12196a6ac948e2c

                                                                SHA256

                                                                e4725a253af44079f091cbbb5d63070585cdf3d831271607e2a1070e2f6aad2c

                                                                SHA512

                                                                c001387281ef078331899740dd4555ee465506743ce42840bb7b3efa47dafceae56da1dc3e24bac7a6a15267d2a10e94ee74f63c31ed8f242a2a81dd8c8cca86

                                                                Download Submit

                                                              • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                Filesize

                                                                412B

                                                                MD5

                                                                60adb22e83d17779fabe5168dc129f17

                                                                SHA1

                                                                c7d5a60b8a0a923a160c8e93acd939161390d52b

                                                                SHA256

                                                                6d7f2bf531824a5f72bbdbc47c43862e7fb5b5efcf4da9503e154b0bb61ea1cb

                                                                SHA512

                                                                b9ce3e07804cad892ee9f91ebe6c8793d74185c2d12ee1ae06769c214cca1dc83ca7167e86697b31334fcab7e0b335f9e2afad7f4e1c71b2dbe1a952dc4e324b

                                                                Download Submit

                                                              • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                                                                Filesize

                                                                1KB

                                                                MD5

                                                                9cad061ddf5ad182cfe7879190aeed71

                                                                SHA1

                                                                cfd292d16d937f95b642527464403b7e5ef6af96

                                                                SHA256

                                                                b2d273fa926ebf6946e69e8808ad332db42bc65f449748082e088aa732e408ca

                                                                SHA512

                                                                df517d66358f441a7c4c690cd90e214f18d490e3de767dd76164effaa179b1dd865a0056d68ce3ab6aee55917465c7f39146e7694b1ac475fcc95c280fb29e92

                                                                Download Submit

                                                              • memory/640-1745-0x00000242A5F10000-0x00000242A5F1C000-memory.dmp

                                                                Filesize

                                                                48KB

                                                                Download

                                                              • memory/640-1751-0x00000242A6750000-0x00000242A6768000-memory.dmp

                                                                Filesize

                                                                96KB

                                                                Download

                                                              • memory/640-1756-0x00000242A6770000-0x00000242A6790000-memory.dmp

                                                                Filesize

                                                                128KB

                                                                Download

                                                              • memory/640-1752-0x00000242BF120000-0x00000242BF1D2000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/1104-1908-0x000001F4446C0000-0x000001F444714000-memory.dmp

                                                                Filesize

                                                                336KB

                                                                Download

                                                              • memory/1104-1677-0x000001F42B9A0000-0x000001F42B9BC000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/1104-1678-0x000001F444780000-0x000001F444832000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/1104-1674-0x000001F42B5D0000-0x000001F42B5E2000-memory.dmp

                                                                Filesize

                                                                72KB

                                                                Download

                                                              • memory/1188-1759-0x000001D89D180000-0x000001D89D190000-memory.dmp

                                                                Filesize

                                                                64KB

                                                                Download

                                                              • memory/1188-1761-0x000001D89D9B0000-0x000001D89D9CC000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/1188-1904-0x000001D89D9D0000-0x000001D89D9D8000-memory.dmp

                                                                Filesize

                                                                32KB

                                                                Download

                                                              • memory/1188-1895-0x000001D8B6470000-0x000001D8B654C000-memory.dmp

                                                                Filesize

                                                                880KB

                                                                Download

                                                              • memory/1188-1760-0x000001D89DB60000-0x000001D89DBAA000-memory.dmp

                                                                Filesize

                                                                296KB

                                                                Download

                                                              • memory/1188-1896-0x000001D8B6550000-0x000001D8B6602000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/1400-93-0x0000000005450000-0x00000000054B6000-memory.dmp

                                                                Filesize

                                                                408KB

                                                                Download

                                                              • memory/1608-363-0x00000227AA330000-0x00000227AA398000-memory.dmp

                                                                Filesize

                                                                416KB

                                                                Download

                                                              • memory/1608-359-0x00000227AA270000-0x00000227AA322000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/1608-354-0x00000227A9F10000-0x00000227A9F5C000-memory.dmp

                                                                Filesize

                                                                304KB

                                                                Download

                                                              • memory/1608-352-0x0000022791630000-0x000002279167A000-memory.dmp

                                                                Filesize

                                                                296KB

                                                                Download

                                                              • memory/1608-357-0x0000022791690000-0x000002279169A000-memory.dmp

                                                                Filesize

                                                                40KB

                                                                Download

                                                              • memory/1608-358-0x00000227AA190000-0x00000227AA26C000-memory.dmp

                                                                Filesize

                                                                880KB

                                                                Download

                                                              • memory/1608-362-0x00000227AA0E0000-0x00000227AA0E8000-memory.dmp

                                                                Filesize

                                                                32KB

                                                                Download

                                                              • memory/1608-360-0x00000227AA0C0000-0x00000227AA0C8000-memory.dmp

                                                                Filesize

                                                                32KB

                                                                Download

                                                              • memory/1608-351-0x0000022790D70000-0x0000022790DD6000-memory.dmp

                                                                Filesize

                                                                408KB

                                                                Download

                                                              • memory/1608-366-0x00000227AA0F0000-0x00000227AA116000-memory.dmp

                                                                Filesize

                                                                152KB

                                                                Download

                                                              • memory/1608-355-0x00000227A9F60000-0x00000227A9FA8000-memory.dmp

                                                                Filesize

                                                                288KB

                                                                Download

                                                              • memory/1608-361-0x00000227AA0D0000-0x00000227AA0D8000-memory.dmp

                                                                Filesize

                                                                32KB

                                                                Download

                                                              • memory/1608-364-0x00000227AA120000-0x00000227AA14A000-memory.dmp

                                                                Filesize

                                                                168KB

                                                                Download

                                                              • memory/1608-365-0x00000227AA3E0000-0x00000227AA41A000-memory.dmp

                                                                Filesize

                                                                232KB

                                                                Download

                                                              • memory/1608-353-0x0000022791600000-0x000002279161C000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/1608-356-0x0000022791680000-0x0000022791688000-memory.dmp

                                                                Filesize

                                                                32KB

                                                                Download

                                                              • memory/2344-1796-0x00000238757D0000-0x000002387581A000-memory.dmp

                                                                Filesize

                                                                296KB

                                                                Download

                                                              • memory/2344-1794-0x0000023874E10000-0x0000023874E1C000-memory.dmp

                                                                Filesize

                                                                48KB

                                                                Download

                                                              • memory/2344-1909-0x0000023876160000-0x0000023876210000-memory.dmp

                                                                Filesize

                                                                704KB

                                                                Download

                                                              • memory/2344-1797-0x0000023875640000-0x000002387565C000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/2576-148-0x000001C315F60000-0x000001C315F9C000-memory.dmp

                                                                Filesize

                                                                240KB

                                                                Download

                                                              • memory/2576-147-0x000001C315DE0000-0x000001C315DF2000-memory.dmp

                                                                Filesize

                                                                72KB

                                                                Download

                                                              • memory/2576-143-0x000001C32E850000-0x000001C32E8E8000-memory.dmp

                                                                Filesize

                                                                608KB

                                                                Download

                                                              • memory/2576-131-0x000001C314240000-0x000001C314268000-memory.dmp

                                                                Filesize

                                                                160KB

                                                                Download

                                                              • memory/2952-489-0x00000000031D0000-0x0000000003397000-memory.dmp

                                                                Filesize

                                                                1.8MB

                                                                Download

                                                              • memory/2952-1089-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/2952-485-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/2952-521-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/2952-909-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/2952-912-0x0000000003210000-0x00000000033D7000-memory.dmp

                                                                Filesize

                                                                1.8MB

                                                                Download

                                                              • memory/2952-996-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/2952-1052-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/3492-1716-0x000001DA2AB40000-0x000001DA2AB7A000-memory.dmp

                                                                Filesize

                                                                232KB

                                                                Download

                                                              • memory/3492-1912-0x000001DA43CE0000-0x000001DA43D92000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/4220-1894-0x0000000072550000-0x000000007291D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/4220-1901-0x0000000072920000-0x0000000072A3C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/4220-1893-0x0000000072920000-0x0000000072A3C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/4220-1902-0x0000000072550000-0x000000007291D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/4440-22-0x0000000004790000-0x00000000047BE000-memory.dmp

                                                                Filesize

                                                                184KB

                                                                Download

                                                              • memory/4440-26-0x00000000047D0000-0x00000000047DC000-memory.dmp

                                                                Filesize

                                                                48KB

                                                                Download

                                                              • memory/4552-1583-0x000002B886700000-0x000002B88671C000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/4552-1587-0x000002B886240000-0x000002B88624C000-memory.dmp

                                                                Filesize

                                                                48KB

                                                                Download

                                                              • memory/4552-1586-0x000002B8868B0000-0x000002B8868C8000-memory.dmp

                                                                Filesize

                                                                96KB

                                                                Download

                                                              • memory/4552-1582-0x000002B886760000-0x000002B8867AA000-memory.dmp

                                                                Filesize

                                                                296KB

                                                                Download

                                                              • memory/4552-1581-0x000002B885D70000-0x000002B885DC0000-memory.dmp

                                                                Filesize

                                                                320KB

                                                                Download

                                                              • memory/4552-1690-0x000002B89F030000-0x000002B89F07A000-memory.dmp

                                                                Filesize

                                                                296KB

                                                                Download

                                                              • memory/4552-1903-0x000002B89F160000-0x000002B89F23C000-memory.dmp

                                                                Filesize

                                                                880KB

                                                                Download

                                                              • memory/4588-1170-0x0000000072550000-0x000000007291D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/4588-1891-0x0000000072920000-0x0000000072A3C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/4588-1892-0x0000000072550000-0x000000007291D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/4588-1163-0x0000000072920000-0x0000000072A3C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/4820-2605-0x0000000072550000-0x000000007291D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/4820-1220-0x0000000072920000-0x0000000072A3C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/4820-2604-0x0000000072920000-0x0000000072A3C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/4820-1143-0x0000000072550000-0x000000007291D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/4820-1142-0x0000000072920000-0x0000000072A3C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/4820-1221-0x0000000072550000-0x000000007291D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/4868-296-0x000001A7F1210000-0x000001A7F122C000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/4868-294-0x000001A7F09C0000-0x000001A7F09D6000-memory.dmp

                                                                Filesize

                                                                88KB

                                                                Download

                                                              • memory/4868-295-0x000001A7F1B10000-0x000001A7F1BC2000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/4940-1707-0x0000021FBB590000-0x0000021FBB5DA000-memory.dmp

                                                                Filesize

                                                                296KB

                                                                Download

                                                              • memory/4940-1907-0x0000021FD4220000-0x0000021FD42FC000-memory.dmp

                                                                Filesize

                                                                880KB

                                                                Download

                                                              • memory/4940-1706-0x0000021FBAD10000-0x0000021FBAD22000-memory.dmp

                                                                Filesize

                                                                72KB

                                                                Download

                                                              • memory/4940-1708-0x0000021FBB560000-0x0000021FBB57C000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/4940-1906-0x0000021FD4080000-0x0000021FD4132000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/5248-263-0x0000021FFB1C0000-0x0000021FFB272000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/5248-260-0x0000021FE1FC0000-0x0000021FE2002000-memory.dmp

                                                                Filesize

                                                                264KB

                                                                Download

                                                              • memory/5248-265-0x0000021FE2850000-0x0000021FE2870000-memory.dmp

                                                                Filesize

                                                                128KB

                                                                Download

                                                              • memory/5548-1579-0x00000223ACBC0000-0x00000223ACBE0000-memory.dmp

                                                                Filesize

                                                                128KB

                                                                Download

                                                              • memory/5548-1578-0x00000223AC260000-0x00000223AC270000-memory.dmp

                                                                Filesize

                                                                64KB

                                                                Download

                                                              • memory/5548-1585-0x00000223ACBE0000-0x00000223ACBF4000-memory.dmp

                                                                Filesize

                                                                80KB

                                                                Download

                                                              • memory/5548-1584-0x00000223C5320000-0x00000223C5386000-memory.dmp

                                                                Filesize

                                                                408KB

                                                                Download

                                                              • memory/5548-1580-0x00000223C53E0000-0x00000223C5492000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/5640-1754-0x0000020A75F20000-0x0000020A75FD2000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/5640-1746-0x0000020A5D170000-0x0000020A5D18A000-memory.dmp

                                                                Filesize

                                                                104KB

                                                                Download

                                                              • memory/5640-1744-0x0000020A5CD90000-0x0000020A5CD9A000-memory.dmp

                                                                Filesize

                                                                40KB

                                                                Download

                                                              • memory/5704-178-0x000001C0F6A90000-0x000001C0F6B42000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/5704-184-0x000001C0F69D0000-0x000001C0F69F2000-memory.dmp

                                                                Filesize

                                                                136KB

                                                                Download

                                                              • memory/5704-224-0x000001C0F6F90000-0x000001C0F6FC8000-memory.dmp

                                                                Filesize

                                                                224KB

                                                                Download

                                                              • memory/5928-2614-0x0000000072550000-0x000000007291D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/5928-1241-0x0000000072920000-0x0000000072A3C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/5928-1242-0x0000000072550000-0x000000007291D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/5928-1154-0x0000000072920000-0x0000000072A3C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/5928-1155-0x0000000072550000-0x000000007291D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/5928-2613-0x0000000072920000-0x0000000072A3C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/6124-63-0x0000000005550000-0x00000000058A4000-memory.dmp

                                                                Filesize

                                                                3.3MB

                                                                Download

                                                              • memory/6124-62-0x00000000053E0000-0x0000000005402000-memory.dmp

                                                                Filesize

                                                                136KB

                                                                Download

                                                              • memory/6124-59-0x0000000005490000-0x0000000005542000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download