Overview

overview

10

Static

static

10

Ösztönd�...am.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/04/2025, 09:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ösztöndíjprogram.msi

  • Size

    2.9MB

  • MD5

    e52455d67d3d45211aae128bda4f57e9

  • SHA1

    6d1a56218a110cb0bd5539f946fa0055ac0962ae

  • SHA256

    7261e0c3d40bcaab476d265d98935c23379e2536e459503f27ecda30180db7d9

  • SHA512

    c513dee257778c82cab976c10cb64c0d79e4d1f440b14d931a0996257b04770ca36b1620ad0ae70dae93ed517a0e97e08d65f9235479fa0a34c412bfe252851b

  • SSDEEP

    49152:Z+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:Z+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Downloads MZ/PE file 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 21 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 20 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Ösztöndíjprogram.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:5360
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5316
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:3864
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding ECFB9798D8FC8C15384665C3680391BF
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:6024
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSI9B17.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240622703 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1120
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSI9EE1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240623359 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:3392
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIA2F9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240624406 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:3712
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIAE48.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240627281 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1612
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 11B2727B3783412B7A0AE00EB9BED2C1 E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3460
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2536
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
              PID:3084
          • C:\Windows\SysWOW64\TaskKill.exe
            "TaskKill.exe" /f /im AteraAgent.exe
            3⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:4392
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000S8v2hIAB" /AgentId="858b08ed-8cd9-4ed7-8379-463c2fd48d58"
          2⤵
          • Drops file in System32 directory
          • Executes dropped EXE
          • Modifies data under HKEY_USERS
          PID:3232
        • C:\Windows\syswow64\MsiExec.exe
          C:\Windows\syswow64\MsiExec.exe -Embedding 86CB5DC90540ABB770C16C5BB7845131 E Global\MSI0000
          2⤵
          • Blocklisted process makes network request
          • Drops file in System32 directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          • Modifies registry class
          PID:1404
          • C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe
            C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1354D4CA-C1A6-453A-8097-F5DE3D2C86D6}
            3⤵
            • Executes dropped EXE
            PID:5592
          • C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe
            C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DA79796B-F24B-4F9F-BEC7-A1D954BC942F}
            3⤵
            • Executes dropped EXE
            PID:5588
          • C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe
            C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3EA663F0-CB1A-48C2-9DE5-B9C9FEBCD83B}
            3⤵
            • Executes dropped EXE
            PID:5952
          • C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe
            C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C0EBB416-110F-4467-B831-85EB224C7403}
            3⤵
            • Executes dropped EXE
            PID:4108
          • C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe
            C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{606B1F94-76A0-4464-8AE0-5194EF5777A5}
            3⤵
            • Executes dropped EXE
            PID:5148
          • C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe
            C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{278035AA-A475-4FF1-A6D5-D4F021F7DE19}
            3⤵
            • Executes dropped EXE
            PID:2384
          • C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe
            C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5397C01D-0959-4752-A148-5FAFE5CCCFED}
            3⤵
            • Executes dropped EXE
            PID:3908
          • C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe
            C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6690BB85-6245-406E-8501-1007A1D153B0}
            3⤵
            • Executes dropped EXE
            PID:5156
          • C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe
            C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8C5C9117-F78D-4DE0-8D00-419FE4C9CFBD}
            3⤵
            • Executes dropped EXE
            PID:4684
          • C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe
            C:\Windows\TEMP\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_is17E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D5D66158-32F6-4B62-9479-E387C32480A3}
            3⤵
            • Executes dropped EXE
            PID:3456
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
            3⤵
              PID:3616
              • C:\Windows\SysWOW64\taskkill.exe
                taskkill.exe /F /IM SRServer.exe /T
                4⤵
                • Kills process with taskkill
                PID:5824
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
              3⤵
              • System Location Discovery: System Language Discovery
              PID:4720
              • C:\Windows\SysWOW64\taskkill.exe
                taskkill.exe /F /IM SRApp.exe /T
                4⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                PID:5348
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
              3⤵
              • System Location Discovery: System Language Discovery
              PID:4620
              • C:\Windows\SysWOW64\taskkill.exe
                taskkill.exe /F /IM SRAppPB.exe /T
                4⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                PID:1588
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
              3⤵
              • System Location Discovery: System Language Discovery
              PID:5688
              • C:\Windows\SysWOW64\taskkill.exe
                taskkill.exe /F /IM SRFeature.exe /T
                4⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                PID:1220
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
              3⤵
                PID:2072
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill.exe /F /IM SRFeatMini.exe /T
                  4⤵
                  • Kills process with taskkill
                  PID:4232
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
                3⤵
                • System Location Discovery: System Language Discovery
                PID:2208
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill.exe /F /IM SRManager.exe /T
                  4⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  PID:2196
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
                3⤵
                • System Location Discovery: System Language Discovery
                PID:1920
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill.exe /F /IM SRAgent.exe /T
                  4⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  PID:2020
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
                3⤵
                  PID:2800
                  • C:\Windows\SysWOW64\taskkill.exe
                    taskkill.exe /F /IM SRChat.exe /T
                    4⤵
                    • System Location Discovery: System Language Discovery
                    • Kills process with taskkill
                    PID:5372
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:2320
                  • C:\Windows\SysWOW64\taskkill.exe
                    taskkill.exe /F /IM SRAudioChat.exe /T
                    4⤵
                    • System Location Discovery: System Language Discovery
                    • Kills process with taskkill
                    PID:2828
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
                  3⤵
                    PID:3220
                    • C:\Windows\SysWOW64\taskkill.exe
                      taskkill.exe /F /IM SRVirtualDisplay.exe /T
                      4⤵
                      • System Location Discovery: System Language Discovery
                      • Kills process with taskkill
                      PID:5980
                  • C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe
                    C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1473C0DD-8016-4AF2-9EF6-F57D36B1EDE5}
                    3⤵
                    • Executes dropped EXE
                    PID:1624
                  • C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe
                    C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8D70FC23-F491-4BB3-BB74-127C4B4C79B6}
                    3⤵
                    • Executes dropped EXE
                    PID:4192
                  • C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe
                    C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B6E31857-3808-4B3C-A7C9-357A0A6802E5}
                    3⤵
                    • Executes dropped EXE
                    PID:5716
                  • C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe
                    C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C66CF24C-0ECB-45E1-9CD9-A3AF9D8F5BF0}
                    3⤵
                    • Executes dropped EXE
                    PID:3536
                  • C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe
                    C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C1B988CB-5FAB-4E4B-9DC4-66D03C17FED3}
                    3⤵
                    • Executes dropped EXE
                    PID:1744
                  • C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe
                    C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E6667F50-22B9-4E81-8DE2-93CF5E605D33}
                    3⤵
                    • Executes dropped EXE
                    PID:5408
                  • C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe
                    C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{94C40E31-3223-48F7-BC9B-55FD90F41184}
                    3⤵
                    • Executes dropped EXE
                    PID:4940
                  • C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe
                    C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B5CA3305-89EA-4623-87E7-90A64D8B9CEF}
                    3⤵
                    • Executes dropped EXE
                    PID:4480
                  • C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe
                    C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1D5C6B72-5680-4D37-8759-0383C12CF4CB}
                    3⤵
                    • Executes dropped EXE
                    PID:5592
                  • C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe
                    C:\Windows\TEMP\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7974FEC1-4F5B-4E25-BB76-20A3DEB752DD}
                    3⤵
                    • Executes dropped EXE
                    PID:5588
                  • C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe
                    C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C7032AD2-CE12-4B08-888C-7C5083C71732}
                    3⤵
                    • Executes dropped EXE
                    PID:5236
                  • C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe
                    C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{46139879-C6D2-4829-8936-A6BAED786624}
                    3⤵
                    • Executes dropped EXE
                    PID:5408
                  • C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe
                    C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9D447620-AAF3-471A-BEE0-9040C6D34708}
                    3⤵
                    • Executes dropped EXE
                    PID:392
                  • C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe
                    C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1D7E571D-607F-46B9-BEFE-0731AA28CA76}
                    3⤵
                    • Executes dropped EXE
                    PID:1212
                  • C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe
                    C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7A17A84C-6710-48F1-88B5-B76113677C7F}
                    3⤵
                    • Executes dropped EXE
                    PID:2068
                  • C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe
                    C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{63DF3409-5DE9-44D0-BA94-B1713FEB469A}
                    3⤵
                    • Executes dropped EXE
                    PID:1992
                  • C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe
                    C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0D7D6B64-52C0-49B7-BF69-FDFE7775BC55}
                    3⤵
                    • Executes dropped EXE
                    PID:5804
                  • C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe
                    C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{64E671E7-F097-4B5D-838B-768E476D14F0}
                    3⤵
                    • Executes dropped EXE
                    PID:6116
                  • C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe
                    C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AC28BF5F-E718-4C97-A174-6298B060222E}
                    3⤵
                    • Executes dropped EXE
                    PID:5748
                  • C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe
                    C:\Windows\TEMP\{51A2366C-1667-4E0D-A976-C9506C77B6D7}\_is3035.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A8FA01F9-CAA9-4147-842D-8C9ACCFDD253}
                    3⤵
                    • Executes dropped EXE
                    PID:3912
                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
                    3⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    PID:408
                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
                    3⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    PID:2020
                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
                    3⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Modifies data under HKEY_USERS
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2828
                    • C:\Windows\system32\cmd.exe
                      "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
                      4⤵
                        PID:3300
                      • C:\Windows\system32\cmd.exe
                        "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
                        4⤵
                          PID:4704
                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
                        3⤵
                        • Executes dropped EXE
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1264
                      • C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe
                        C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6D1F153E-A38C-42D2-A84F-B621FDC81011}
                        3⤵
                        • Executes dropped EXE
                        PID:4940
                      • C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe
                        C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AA5BBB18-77B2-46B4-BD32-52F63A1D8767}
                        3⤵
                        • Executes dropped EXE
                        PID:1152
                      • C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe
                        C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{133260DA-DAA6-44BB-A016-9CB12F3C002D}
                        3⤵
                        • Executes dropped EXE
                        PID:4200
                      • C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe
                        C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C912E7BE-5820-4E0F-BFCB-425BF0623DAA}
                        3⤵
                        • Executes dropped EXE
                        PID:2604
                      • C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe
                        C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2765865A-2D1C-4D88-A02D-04CB9E17B831}
                        3⤵
                        • Executes dropped EXE
                        PID:2252
                      • C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe
                        C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D558438F-F5E5-477D-91AB-3ACAE1BA2767}
                        3⤵
                        • Executes dropped EXE
                        PID:4276
                      • C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe
                        C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{00FE3B64-8867-4E3D-B489-EF71C9FFF786}
                        3⤵
                        • Executes dropped EXE
                        PID:2216
                      • C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe
                        C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{99D83478-1870-4B8B-8702-93E16D301D98}
                        3⤵
                        • Executes dropped EXE
                        PID:3456
                      • C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe
                        C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{368C43AB-E66A-46E8-B462-D84AA5459FA4}
                        3⤵
                        • Executes dropped EXE
                        PID:3104
                      • C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe
                        C:\Windows\TEMP\{C7391A08-A657-479F-8A73-51D8787A6835}\_is4286.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{156ABE41-644B-48F6-9F92-0CFAAA33C631}
                        3⤵
                        • Executes dropped EXE
                        PID:4660
                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
                        3⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        • Modifies registry class
                        PID:5364
                      • C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe
                        C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{607F99A1-6EB4-41CB-97A7-8134FE77C51B}
                        3⤵
                        • Executes dropped EXE
                        PID:5708
                      • C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe
                        C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C4C50D90-06F3-497F-A6D6-F318AB3DD15B}
                        3⤵
                        • Executes dropped EXE
                        PID:2988
                      • C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe
                        C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{87A2A745-81CB-45F2-B9F2-341B706B2252}
                        3⤵
                        • Executes dropped EXE
                        PID:4908
                      • C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe
                        C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E8064965-0587-4427-AE79-4B0AC17CC67B}
                        3⤵
                        • Executes dropped EXE
                        PID:4748
                      • C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe
                        C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D6DE91DD-06D3-4A3E-AEE2-C308EE04A717}
                        3⤵
                        • Executes dropped EXE
                        PID:940
                      • C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe
                        C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5C8D6B90-0023-42C0-ABB6-39543A7F108D}
                        3⤵
                        • Executes dropped EXE
                        PID:6012
                      • C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe
                        C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2AA4882C-F880-4F37-B15F-58FD863AB4B3}
                        3⤵
                        • Executes dropped EXE
                        PID:1740
                      • C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe
                        C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0F29516F-3C08-4BC2-ACAA-66B13CFA0437}
                        3⤵
                          PID:2356
                        • C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe
                          C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{09455845-D48E-4C43-8FFE-452A955A25F7}
                          3⤵
                            PID:6140
                          • C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe
                            C:\Windows\TEMP\{B3FF472F-2D40-4BFB-A136-E18D659C48F5}\_is44D9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{ECCF397F-A3C8-42E0-9B86-1392BF975230}
                            3⤵
                              PID:4928
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                              3⤵
                              • System Location Discovery: System Language Discovery
                              PID:4460
                          • C:\Windows\syswow64\MsiExec.exe
                            C:\Windows\syswow64\MsiExec.exe -Embedding 305B124C18D27815242F5B34BB17F051 E Global\MSI0000
                            2⤵
                            • System Location Discovery: System Language Discovery
                            PID:1360
                            • C:\Windows\SysWOW64\rundll32.exe
                              rundll32.exe "C:\Windows\Installer\MSI8952.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240683390 464 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                              3⤵
                              • Drops file in System32 directory
                              • System Location Discovery: System Language Discovery
                              PID:3216
                            • C:\Windows\SysWOW64\rundll32.exe
                              rundll32.exe "C:\Windows\Installer\MSI8A6C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240683625 468 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                              3⤵
                              • Blocklisted process makes network request
                              • Drops file in Windows directory
                              • System Location Discovery: System Language Discovery
                              PID:2960
                            • C:\Windows\SysWOW64\rundll32.exe
                              rundll32.exe "C:\Windows\Installer\MSI902A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240685093 473 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                              3⤵
                              • Drops file in Windows directory
                              • System Location Discovery: System Language Discovery
                              PID:4832
                            • C:\Windows\SysWOW64\NET.exe
                              "NET" STOP AteraAgent
                              3⤵
                              • System Location Discovery: System Language Discovery
                              PID:6132
                              • C:\Windows\SysWOW64\net1.exe
                                C:\Windows\system32\net1 STOP AteraAgent
                                4⤵
                                • System Location Discovery: System Language Discovery
                                PID:3140
                            • C:\Windows\SysWOW64\TaskKill.exe
                              "TaskKill.exe" /f /im AteraAgent.exe
                              3⤵
                              • System Location Discovery: System Language Discovery
                              • Kills process with taskkill
                              PID:1120
                            • C:\Windows\syswow64\NET.exe
                              "NET" STOP AteraAgent
                              3⤵
                              • System Location Discovery: System Language Discovery
                              PID:5784
                              • C:\Windows\SysWOW64\net1.exe
                                C:\Windows\system32\net1 STOP AteraAgent
                                4⤵
                                • System Location Discovery: System Language Discovery
                                PID:1260
                            • C:\Windows\syswow64\TaskKill.exe
                              "TaskKill.exe" /f /im AteraAgent.exe
                              3⤵
                              • System Location Discovery: System Language Discovery
                              • Kills process with taskkill
                              PID:5400
                            • C:\Windows\SysWOW64\rundll32.exe
                              rundll32.exe "C:\Windows\Installer\MSIB89A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240695421 511 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                              3⤵
                              • Blocklisted process makes network request
                              • Drops file in Windows directory
                              • System Location Discovery: System Language Discovery
                              PID:5156
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                            2⤵
                            • Drops file in System32 directory
                            PID:1264
                          • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                            "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="09456a44-4650-41b6-be2a-fd1974fd5704"
                            2⤵
                            • Drops file in System32 directory
                            • Modifies data under HKEY_USERS
                            PID:512
                          • C:\Windows\syswow64\MsiExec.exe
                            C:\Windows\syswow64\MsiExec.exe -Embedding C48375D3F0E9AF2831A9D6183E73EC36 E Global\MSI0000
                            2⤵
                            • System Location Discovery: System Language Discovery
                            PID:4808
                          • C:\Windows\syswow64\MsiExec.exe
                            C:\Windows\syswow64\MsiExec.exe -Embedding 88BB0BBBCA2F4967E23F55515D7F8BF3 E Global\MSI0000
                            2⤵
                            • System Location Discovery: System Language Discovery
                            PID:3976
                          • C:\Windows\syswow64\MsiExec.exe
                            C:\Windows\syswow64\MsiExec.exe -Embedding 9272E11F8B3D394A40F943663A0CCDC6 E Global\MSI0000
                            2⤵
                            • System Location Discovery: System Language Discovery
                            PID:1580
                        • C:\Windows\system32\vssvc.exe
                          C:\Windows\system32\vssvc.exe
                          1⤵
                          • Checks SCSI registry key(s)
                          • Suspicious use of AdjustPrivilegeToken
                          PID:2728
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                          1⤵
                          • Drops file in System32 directory
                          • Drops file in Program Files directory
                          • Executes dropped EXE
                          • Modifies data under HKEY_USERS
                          • Modifies system certificate store
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of WriteProcessMemory
                          PID:5280
                          • C:\Windows\System32\sc.exe
                            "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                            2⤵
                            • Launches sc.exe
                            PID:5528
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "08b6a9fd-fc8a-452d-89ab-45f6a63602a9" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000S8v2hIAB
                            2⤵
                            • Drops file in System32 directory
                            • Executes dropped EXE
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2972
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "37b8be97-b91d-46a8-8a87-ea543e68e494" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000S8v2hIAB
                            2⤵
                            • Executes dropped EXE
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4016
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "3785d771-ef8c-414b-af19-1ece273efcb7" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000S8v2hIAB
                            2⤵
                            • Executes dropped EXE
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of WriteProcessMemory
                            PID:5304
                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                              3⤵
                              • Command and Scripting Interpreter: PowerShell
                              • Modifies data under HKEY_USERS
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5456
                            • C:\Windows\System32\cmd.exe
                              "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                              3⤵
                              • Suspicious use of WriteProcessMemory
                              PID:1652
                              • C:\Windows\system32\cscript.exe
                                cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                4⤵
                                • Modifies data under HKEY_USERS
                                PID:5240
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "3fd82008-c315-4bdd-b743-5c82b0b40302" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000S8v2hIAB
                            2⤵
                            • Executes dropped EXE
                            PID:2528
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "1b1b0242-63a7-424d-8a1d-9e48ceab518f" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOjMsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000S8v2hIAB
                            2⤵
                            • Downloads MZ/PE file
                            • Drops file in System32 directory
                            • Drops file in Program Files directory
                            • Executes dropped EXE
                            • Modifies data under HKEY_USERS
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of WriteProcessMemory
                            PID:3872
                            • C:\Windows\TEMP\SplashtopStreamer.exe
                              "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                              3⤵
                              • Executes dropped EXE
                              • System Location Discovery: System Language Discovery
                              • Modifies data under HKEY_USERS
                              • Suspicious use of SetWindowsHookEx
                              • Suspicious use of WriteProcessMemory
                              PID:5388
                              • C:\Windows\Temp\unpack\PreVerCheck.exe
                                "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                                4⤵
                                • Executes dropped EXE
                                • System Location Discovery: System Language Discovery
                                • Suspicious use of WriteProcessMemory
                                PID:2608
                                • C:\Windows\SysWOW64\msiexec.exe
                                  msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                                  5⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:6056
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "852a005e-e2d7-41c6-85fc-b2243b4d8b73" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000S8v2hIAB
                            2⤵
                            • Executes dropped EXE
                            • Loads dropped DLL
                            PID:1052
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                          1⤵
                          • Drops file in Program Files directory
                          • Executes dropped EXE
                          • Modifies data under HKEY_USERS
                          • Suspicious use of WriteProcessMemory
                          PID:4280
                          • C:\Windows\System32\sc.exe
                            "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                            2⤵
                            • Launches sc.exe
                            PID:5516
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "37b8be97-b91d-46a8-8a87-ea543e68e494" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000S8v2hIAB
                            2⤵
                            • Executes dropped EXE
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4464
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "4cfa3f6b-e93a-4a61-bace-1d72299ebf21" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000S8v2hIAB
                            2⤵
                              PID:5980
                              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                3⤵
                                • Drops file in System32 directory
                                • Command and Scripting Interpreter: PowerShell
                                • Modifies data under HKEY_USERS
                                PID:4176
                              • C:\Windows\System32\cmd.exe
                                "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                3⤵
                                  PID:728
                                  • C:\Windows\system32\cscript.exe
                                    cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                    4⤵
                                    • Modifies data under HKEY_USERS
                                    PID:5832
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "bea0221a-a138-42d2-8601-3f90406cc8ae" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000S8v2hIAB
                                2⤵
                                  PID:5584
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=97e21f2cfc4f95c19854ec3f979c57d0&rmm_session_pwd_ttl=86400"
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:2068
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "30c9031c-124f-4c73-8b73-0aa806ad3784" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000S8v2hIAB
                                  2⤵
                                  • Modifies registry class
                                  PID:2828
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "9bc1166c-a4bc-4cd7-ac5f-4bf29239eca5" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000S8v2hIAB
                                  2⤵
                                  • Modifies data under HKEY_USERS
                                  PID:3964
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "cda77408-7722-4ce6-99fa-115b963ad435" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000S8v2hIAB
                                  2⤵
                                  • Drops file in System32 directory
                                  PID:228
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "89bd4c95-112a-4978-9d90-4de1afe508c9" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000S8v2hIAB
                                  2⤵
                                  • Drops file in System32 directory
                                  PID:2852
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "910b2710-99c2-459a-bb56-7d839d05f5a5" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000S8v2hIAB
                                  2⤵
                                  • Drops file in System32 directory
                                  • Modifies data under HKEY_USERS
                                  PID:3616
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "19258704-97e6-4b74-b666-7c9bca33b303" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000S8v2hIAB
                                  2⤵
                                    PID:2788
                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "830e3d40-0647-44be-a069-3991ecc031a1" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000S8v2hIAB
                                    2⤵
                                      PID:2608
                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "847bcd61-32de-4416-8111-b864e1710f22" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000S8v2hIAB
                                      2⤵
                                      • Downloads MZ/PE file
                                      • Modifies data under HKEY_USERS
                                      PID:5712
                                      • C:\Windows\SYSTEM32\cmd.exe
                                        "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                        3⤵
                                        • System Time Discovery
                                        PID:3440
                                        • C:\Program Files\dotnet\dotnet.exe
                                          dotnet --list-runtimes
                                          4⤵
                                          • System Time Discovery
                                          PID:2812
                                      • C:\Program Files\dotnet\dotnet.exe
                                        "C:\Program Files\dotnet\dotnet" --list-runtimes
                                        3⤵
                                        • System Time Discovery
                                        PID:6112
                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:4804
                                        • C:\Windows\Temp\{D269B5B1-91F6-4CA2-8185-5C9FE6085539}\.cr\8-0-11.exe
                                          "C:\Windows\Temp\{D269B5B1-91F6-4CA2-8185-5C9FE6085539}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=728 -burn.filehandle.self=692 /repair /quiet /norestart
                                          4⤵
                                          • System Location Discovery: System Language Discovery
                                          • System Time Discovery
                                          PID:4664
                                          • C:\Windows\Temp\{82BAFB0D-6FCE-494E-A2FC-29B88AB631B9}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                            "C:\Windows\Temp\{82BAFB0D-6FCE-494E-A2FC-29B88AB631B9}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{C85B2321-178C-4BC9-957B-DAB4D05A3141} {C8176FA5-F0B6-40D5-A417-8F68AC1D86A8} 4664
                                            5⤵
                                            • Adds Run key to start application
                                            • System Location Discovery: System Language Discovery
                                            • System Time Discovery
                                            • Modifies registry class
                                            PID:4412
                                      • C:\Windows\SYSTEM32\cmd.exe
                                        "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                        3⤵
                                        • System Time Discovery
                                        PID:2196
                                        • C:\Program Files\dotnet\dotnet.exe
                                          dotnet --list-runtimes
                                          4⤵
                                          • System Time Discovery
                                          PID:1780
                                      • C:\Windows\SYSTEM32\cmd.exe
                                        "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                        3⤵
                                        • System Time Discovery
                                        PID:2732
                                        • C:\Program Files\dotnet\dotnet.exe
                                          dotnet --list-runtimes
                                          4⤵
                                          • System Time Discovery
                                          PID:1724
                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "58006eec-4e7f-4719-af47-20ed6df57662" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjUubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC41In0=" 001Q300000S8v2hIAB
                                      2⤵
                                        PID:1508
                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "8a221d7d-1d7a-4a6a-ad30-cf5cc888fcdf" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000S8v2hIAB
                                        2⤵
                                        • Drops file in System32 directory
                                        PID:5224
                                        • C:\Windows\SYSTEM32\msiexec.exe
                                          "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                                          3⤵
                                          • Modifies data under HKEY_USERS
                                          PID:1240
                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "44546241-21ea-4b77-b922-48ffa527c3b7" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000S8v2hIAB
                                        2⤵
                                          PID:4632
                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "f659e1d1-e979-4e13-99a5-e0de775824f2" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMixcdTAwMjJDYWNoZVR0bEhvdXJzXHUwMDIyOjEyfSJ9" 001Q300000S8v2hIAB
                                          2⤵
                                            PID:3100
                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "c21e37a8-def2-4be8-ac33-05e42924b78b" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000S8v2hIAB
                                            2⤵
                                            • Writes to the Master Boot Record (MBR)
                                            • Drops file in Program Files directory
                                            PID:3224
                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                                          1⤵
                                          • Drops file in Program Files directory
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:632
                                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                                            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                                            2⤵
                                            • Drops file in System32 directory
                                            • Loads dropped DLL
                                            • System Location Discovery: System Language Discovery
                                            • Modifies data under HKEY_USERS
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:1576
                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                              -h
                                              3⤵
                                              • Loads dropped DLL
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious use of FindShellTrayWindow
                                              • Suspicious use of SetWindowsHookEx
                                              PID:4208
                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                              3⤵
                                              • Loads dropped DLL
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:5296
                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                                4⤵
                                                  PID:5216
                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                                3⤵
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious use of SetWindowsHookEx
                                                PID:4608
                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                                3⤵
                                                • System Location Discovery: System Language Discovery
                                                PID:3456
                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                  SRUtility.exe -r
                                                  4⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:3100
                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                                3⤵
                                                • Suspicious use of SetWindowsHookEx
                                                PID:5344
                                                • C:\Windows\System32\cmd.exe
                                                  "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                                  4⤵
                                                    PID:4584
                                                    • C:\Windows\system32\cmd.exe
                                                      C:\Windows\system32\cmd.exe /c ver
                                                      5⤵
                                                        PID:1052
                                                      • C:\Windows\system32\sc.exe
                                                        sc query ddmgr
                                                        5⤵
                                                        • Launches sc.exe
                                                        PID:4036
                                                      • C:\Windows\system32\sc.exe
                                                        sc query lci_proxykmd
                                                        5⤵
                                                        • Launches sc.exe
                                                        PID:2544
                                                      • C:\Windows\system32\rundll32.exe
                                                        rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                                        5⤵
                                                        • Checks SCSI registry key(s)
                                                        • Modifies data under HKEY_USERS
                                                        PID:4600
                                              • C:\Windows\system32\svchost.exe
                                                C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                1⤵
                                                • Drops file in Windows directory
                                                • Checks SCSI registry key(s)
                                                PID:5076
                                                • C:\Windows\system32\DrvInst.exe
                                                  DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "0000000000000140" "WinSta0\Default" "0000000000000150" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                                  2⤵
                                                  • Drops file in System32 directory
                                                  • Drops file in Windows directory
                                                  • Checks SCSI registry key(s)
                                                  • Modifies data under HKEY_USERS
                                                  PID:3524
                                                • C:\Windows\system32\DrvInst.exe
                                                  DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "000000000000014C" "WinSta0\Default" "0000000000000174" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                                  2⤵
                                                  • Drops file in System32 directory
                                                  • Drops file in Windows directory
                                                  • Checks SCSI registry key(s)
                                                  • Modifies data under HKEY_USERS
                                                  PID:4992
                                                • C:\Windows\system32\DrvInst.exe
                                                  DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "000000000000014C"
                                                  2⤵
                                                  • Drops file in Drivers directory
                                                  • Drops file in System32 directory
                                                  • Checks SCSI registry key(s)
                                                  PID:5980
                                                • C:\Windows\system32\DrvInst.exe
                                                  DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                                  2⤵
                                                  • Drops file in Drivers directory
                                                  • Drops file in Windows directory
                                                  • Checks SCSI registry key(s)
                                                  PID:5172
                                              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                1⤵
                                                • Drops file in Program Files directory
                                                • Modifies data under HKEY_USERS
                                                PID:4512
                                                • C:\Windows\System32\sc.exe
                                                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                  2⤵
                                                  • Launches sc.exe
                                                  PID:2104
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "1611789f-27fc-42f6-a94e-da238860eb7f" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjUubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC41In0=" 001Q300000S8v2hIAB
                                                  2⤵
                                                    PID:6004
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "d6bd586d-d418-4c3a-8b7d-c03ff05ff1d8" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMixcdTAwMjJDYWNoZVR0bEhvdXJzXHUwMDIyOjEyfSJ9" 001Q300000S8v2hIAB
                                                    2⤵
                                                      PID:4568
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "9423a464-bd80-4241-a779-cf5672e55cd8" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000S8v2hIAB
                                                      2⤵
                                                        PID:5156
                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "1691aab3-1542-4491-b295-de27b68869de" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000S8v2hIAB
                                                        2⤵
                                                          PID:1420
                                                          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                            "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                                            3⤵
                                                            • Drops file in System32 directory
                                                            • Command and Scripting Interpreter: PowerShell
                                                            • Modifies data under HKEY_USERS
                                                            PID:3700
                                                          • C:\Windows\System32\cmd.exe
                                                            "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                            3⤵
                                                              PID:224
                                                              • C:\Windows\system32\cscript.exe
                                                                cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                                4⤵
                                                                • Modifies data under HKEY_USERS
                                                                PID:808
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "541f9dd4-76e1-4e09-bfed-bac63697cf00" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000S8v2hIAB
                                                            2⤵
                                                            • Modifies data under HKEY_USERS
                                                            PID:4296
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "82a92a97-1bba-495a-bb61-dc776fa4797d" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000S8v2hIAB
                                                            2⤵
                                                              PID:2104
                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "44948069-df27-49e1-a1fa-e3a68553d947" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000S8v2hIAB
                                                              2⤵
                                                                PID:4924
                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "b7847b2d-6dee-41ee-80d8-bf86ebeb94ec" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000S8v2hIAB
                                                                2⤵
                                                                  PID:6048
                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "23aebf88-01ba-4b88-aa6f-f1fda7fcefe2" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000S8v2hIAB
                                                                  2⤵
                                                                  • Writes to the Master Boot Record (MBR)
                                                                  PID:4016
                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "0d64d4e9-1d95-444c-aeb3-78f7328ae76c" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000S8v2hIAB
                                                                  2⤵
                                                                    PID:2076
                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=97e21f2cfc4f95c19854ec3f979c57d0&rmm_session_pwd_ttl=86400"
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:1100
                                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "788b2e8b-2eff-47a8-8eb0-c6d419de16a0" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000S8v2hIAB
                                                                    2⤵
                                                                    • Drops file in Program Files directory
                                                                    PID:5832
                                                                    • C:\Windows\SYSTEM32\cmd.exe
                                                                      "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                                      3⤵
                                                                      • System Time Discovery
                                                                      PID:1268
                                                                      • C:\Program Files\dotnet\dotnet.exe
                                                                        dotnet --list-runtimes
                                                                        4⤵
                                                                        • System Time Discovery
                                                                        PID:4968
                                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "0ab30545-b5f1-4e91-bca3-fc6e7729354b" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000S8v2hIAB
                                                                    2⤵
                                                                      PID:5432
                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "b574a425-d8a7-4ab1-931a-450345bab747" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000S8v2hIAB
                                                                      2⤵
                                                                        PID:1132
                                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 858b08ed-8cd9-4ed7-8379-463c2fd48d58 "2d5a8a98-5aa9-42e1-9029-0074377df3f7" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000S8v2hIAB
                                                                        2⤵
                                                                        • Modifies registry class
                                                                        PID:1740
                                                                    • C:\Windows\system32\cmd.exe
                                                                      C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                                      1⤵
                                                                      • System Time Discovery
                                                                      PID:5392
                                                                      • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                        "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                                        2⤵
                                                                        • System Location Discovery: System Language Discovery
                                                                        • System Time Discovery
                                                                        PID:3420
                                                                        • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                          "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /quiet /norestart /burn.log.append "C:\Windows\TEMP\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250414091147.log"
                                                                          3⤵
                                                                          • System Location Discovery: System Language Discovery
                                                                          • System Time Discovery
                                                                          PID:5784
                                                                          • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                            "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /quiet /norestart /burn.log.append "C:\Windows\TEMP\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250414091147.log"
                                                                            4⤵
                                                                            • Checks computer location settings
                                                                            • System Location Discovery: System Language Discovery
                                                                            • System Time Discovery
                                                                            PID:804
                                                                            • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                              "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{06C81690-7F5D-4A1F-9B5D-C654209BE747} {86011A9A-00E2-4294-B40E-CCFB11E6D256} 804
                                                                              5⤵
                                                                              • Adds Run key to start application
                                                                              • System Location Discovery: System Language Discovery
                                                                              • System Time Discovery
                                                                              • Modifies registry class
                                                                              PID:5220
                                                                    • C:\Windows\system32\cmd.exe
                                                                      C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                                      1⤵
                                                                      • System Time Discovery
                                                                      PID:4164
                                                                      • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                        "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                                        2⤵
                                                                        • System Location Discovery: System Language Discovery
                                                                        • System Time Discovery
                                                                        PID:2904
                                                                        • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                          "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe"
                                                                          3⤵
                                                                          • System Location Discovery: System Language Discovery
                                                                          • System Time Discovery
                                                                          PID:5424
                                                                          • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                            "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.filehandle.attached=532 -burn.filehandle.self=540
                                                                            4⤵
                                                                            • System Location Discovery: System Language Discovery
                                                                            • System Time Discovery
                                                                            PID:3524

                                                                    Network

                                                                    MITRE ATT&CK Enterprise v16

                                                                    Reconnaissance

                                                                    Resource Development

                                                                    Initial Access

                                                                    Execution

                                                                    Command and Scripting Interpreter

                                                                    1
                                                                    T1059

                                                                    PowerShell

                                                                    1
                                                                    T1059.001

                                                                    Persistence

                                                                    Boot or Logon Autostart Execution

                                                                    1
                                                                    T1547

                                                                    Registry Run Keys / Startup Folder

                                                                    1
                                                                    T1547.001

                                                                    Event Triggered Execution

                                                                    2
                                                                    T1546

                                                                    Component Object Model Hijacking

                                                                    1
                                                                    T1546.015

                                                                    Installer Packages

                                                                    1
                                                                    T1546.016

                                                                    Pre-OS Boot

                                                                    1
                                                                    T1542

                                                                    Bootkit

                                                                    1
                                                                    T1542.003

                                                                    Privilege Escalation

                                                                    Boot or Logon Autostart Execution

                                                                    1
                                                                    T1547

                                                                    Registry Run Keys / Startup Folder

                                                                    1
                                                                    T1547.001

                                                                    Event Triggered Execution

                                                                    2
                                                                    T1546

                                                                    Component Object Model Hijacking

                                                                    1
                                                                    T1546.015

                                                                    Installer Packages

                                                                    1
                                                                    T1546.016

                                                                    Defense Evasion

                                                                    Modify Registry

                                                                    2
                                                                    T1112

                                                                    Pre-OS Boot

                                                                    1
                                                                    T1542

                                                                    Bootkit

                                                                    1
                                                                    T1542.003

                                                                    Subvert Trust Controls

                                                                    1
                                                                    T1553

                                                                    Install Root Certificate

                                                                    1
                                                                    T1553.004

                                                                    System Binary Proxy Execution

                                                                    1
                                                                    T1218

                                                                    Msiexec

                                                                    1
                                                                    T1218.007

                                                                    Credential Access

                                                                    Discovery

                                                                    Peripheral Device Discovery

                                                                    2
                                                                    T1120

                                                                    Query Registry

                                                                    5
                                                                    T1012

                                                                    System Information Discovery

                                                                    4
                                                                    T1082

                                                                    System Location Discovery

                                                                    1
                                                                    T1614

                                                                    System Language Discovery

                                                                    1
                                                                    T1614.001

                                                                    System Time Discovery

                                                                    1
                                                                    T1124

                                                                    Lateral Movement

                                                                    Collection

                                                                    Command and Control

                                                                    Exfiltration

                                                                    Impact

                                                                    Replay Monitor

                                                                    Loading Replay Monitor...

                                                                    Downloads

                                                                    • C:\Config.Msi\e579a9b.rbs
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      1a43eb248d772aef24c342c4e9caea6c

                                                                      SHA1

                                                                      6ed543f9e1b55c3b76a6e20d2e0aa896c18dd942

                                                                      SHA256

                                                                      8658c5581248509cdc6ec2440a810f79207b7f37d70d2c936a4142a083641142

                                                                      SHA512

                                                                      42cc49daf622679fbe4f459e673dfd26f541c91fef1f1b984cf454536146fd88eaa6c7c42e1ace28f870f9877ba0fab4f336f3fa620a1fa071f23e2b7989a75e

                                                                      Download Submit

                                                                    • C:\Config.Msi\e579aa0.rbs
                                                                      Filesize

                                                                      74KB

                                                                      MD5

                                                                      27158953f46fe26d4bfbdb3be1bd2d6f

                                                                      SHA1

                                                                      aa274b3e458530fd6a18e7ad48e9932aab236ca0

                                                                      SHA256

                                                                      fc4d58a8d05caf8abf75932495c7df7996d28e4d697158114b54517181bc26c5

                                                                      SHA512

                                                                      95b51d5e1ab7d872b7f06fbcc1dd3a7739316ea112f6ccc81766be9ed7073330f28188889207aa393e3a8a33bd061046f610bcd115f74097f40d5c2128c53ade

                                                                      Download Submit

                                                                    • C:\Config.Msi\e579aa2.rbs
                                                                      Filesize

                                                                      464B

                                                                      MD5

                                                                      6209f9b457aa983bce813565dff5364d

                                                                      SHA1

                                                                      4794c682b4d8e69ccff7d7d7322bcb48d277f07b

                                                                      SHA256

                                                                      a3711cb45d1cbfb549a6ffc5d3603c8c46a4e8848a389499613d6996cb2976a6

                                                                      SHA512

                                                                      253a88a2dd5fa01145c9a2f6175cd3828e79aaa8a149ab2f8106ec56f4bd3f852bd8484a27893aa455cef1ea2554f8898af63e4a5c2070551513f7f504c7db67

                                                                      Download Submit

                                                                    • C:\Config.Msi\e579aa8.rbs
                                                                      Filesize

                                                                      9KB

                                                                      MD5

                                                                      84e8f53d24a5fec4605619f796dee4c5

                                                                      SHA1

                                                                      61653a3bf3798cb5c2ad79dbec9ecff67dedec4d

                                                                      SHA256

                                                                      fb6edad099b641f4b09f6a559b2ae42f8abe45518516ee36d6421987f403116c

                                                                      SHA512

                                                                      b872d9fb8188f475325615911298968ce1a41ff56d73ad8900e77372f8e755b746d1888e2902f29dc8a047528f268b817fda5143aa80a8c3079ff7b12f454dd3

                                                                      Download Submit

                                                                    • C:\Config.Msi\e579ab0.rbs
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      d242b81d42ca67002a8214871c358296

                                                                      SHA1

                                                                      0f246a977c754e92a5af40ede831a5649e8a2580

                                                                      SHA256

                                                                      8e97af64db912a343cdf83b8af5d8e60deff4a38c45d02e8d08307aa592f5050

                                                                      SHA512

                                                                      a47b1ff421e08b2b87db88bbc15a0f80af1bd56c75e7056297ff09355dee69f4915914c7701641903ca572ceab4bf9048d560e58484ff28b8e507b3ab856d037

                                                                      Download Submit

                                                                    • C:\Config.Msi\e579ab5.rbs
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      ba91031c4648aa8845e9fcdb2d3a5b49

                                                                      SHA1

                                                                      f0d76ce05b1029b45c8d0a4548a1f365e72b658a

                                                                      SHA256

                                                                      72e10509c7afeadd11bacab65d8c60bff145d361bdcfa87cc30bf88f1ff2fdcc

                                                                      SHA512

                                                                      484a7ce441a12fd48a6693d10b9aa5c35e5038ac4350eb866affd8e0f81942d8ac8469019b2fca17036074f1a62305c9ce13319fd722dffd78c5375ea476e343

                                                                      Download Submit

                                                                    • C:\Config.Msi\e579aba.rbs
                                                                      Filesize

                                                                      9KB

                                                                      MD5

                                                                      d893eca05d450a0bb99bc3193a5d5e93

                                                                      SHA1

                                                                      a9f08288ae67ceab58d7cd88c73075d1053a353e

                                                                      SHA256

                                                                      1c85f99368fe3fc24ce2660bb3725f652839bd93171d77e62cef6d9a9e14461c

                                                                      SHA512

                                                                      564da5c47dbc075a02acd987bfbf816f175df748f3df627ddd2b49c68b11b93fc874ae9463287f92812c2bb5438907dbeab72e335a90ecc9fb62aaedfde75185

                                                                      Download Submit

                                                                    • C:\Config.Msi\e579abf.rbs
                                                                      Filesize

                                                                      11KB

                                                                      MD5

                                                                      bfd5ac476cfdb1e7d4b2434a33d76cd5

                                                                      SHA1

                                                                      4653d8280b20e86578124b944696ceb6bb75dc98

                                                                      SHA256

                                                                      05be446ee695120947d091833a5c20f4172600dfe87566d8dea337ecca522991

                                                                      SHA512

                                                                      14972c258698cc90e9d41f596bfd949c2c72720aa05afe2d9856ece94686d7b391de47088991894cc858a1dd78367d5b772375f32ecc7fcaa6a10368f815f70d

                                                                      Download Submit

                                                                    • C:\Config.Msi\e579ac4.rbs
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      6558f124d64a4fdec788bc5b139fc9ef

                                                                      SHA1

                                                                      638ebbfd12e05f4657f0d2ae0220a34b5d24cb98

                                                                      SHA256

                                                                      433429c3659436ffdf02ef1777e0524d5c9ab9b2bd4fdb37165c2d679abc2bef

                                                                      SHA512

                                                                      a4d5c02e4d5c5318209bd598dac9723f1ca2e759f1df5cf56cc78e2c83714c069e7d7899c015857781b9df544c5e3e40e1dea71454ca2aa0e53a9d0f7ca667d0

                                                                      Download Submit

                                                                    • C:\Config.Msi\e579ac5.rbf
                                                                      Filesize

                                                                      143KB

                                                                      MD5

                                                                      33b4c87f18b4c49114d7a8980241657a

                                                                      SHA1

                                                                      254c67b915e45ad8584434a4af5e06ca730baa3b

                                                                      SHA256

                                                                      587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                                      SHA512

                                                                      42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                                      Download Submit

                                                                    • C:\Config.Msi\e579ac6.rbf
                                                                      Filesize

                                                                      3B

                                                                      MD5

                                                                      21438ef4b9ad4fc266b6129a2f60de29

                                                                      SHA1

                                                                      5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                                      SHA256

                                                                      13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                                      SHA512

                                                                      37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      3840b31c383fdf49bfd6740d945c9032

                                                                      SHA1

                                                                      a6f50164a69718bcef4664d7c47534f0d721866a

                                                                      SHA256

                                                                      1f119f4fda8028b420e70ee1637c65e2b4198b41eb3eb44d911afa6f1a0bbc64

                                                                      SHA512

                                                                      f5315421d4bc5f08fef4e1449e5799ddf311f08eda317a9eaad8c88c2e7b7c26182bd586c0221ffe5f4112e5d6e05f5d45d2d0382b0ed51ca25aa94d4d95a84d

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                      Filesize

                                                                      142KB

                                                                      MD5

                                                                      477293f80461713d51a98a24023d45e8

                                                                      SHA1

                                                                      e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                                      SHA256

                                                                      a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                                      SHA512

                                                                      23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      b3bb71f9bb4de4236c26578a8fae2dcd

                                                                      SHA1

                                                                      1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                                      SHA256

                                                                      e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                                      SHA512

                                                                      fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                                      Filesize

                                                                      210KB

                                                                      MD5

                                                                      c106df1b5b43af3b937ace19d92b42f3

                                                                      SHA1

                                                                      7670fc4b6369e3fb705200050618acaa5213637f

                                                                      SHA256

                                                                      2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                                      SHA512

                                                                      616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                                      Filesize

                                                                      693KB

                                                                      MD5

                                                                      2c4d25b7fbd1adfd4471052fa482af72

                                                                      SHA1

                                                                      fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                                      SHA256

                                                                      2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                                      SHA512

                                                                      f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                                      Filesize

                                                                      146KB

                                                                      MD5

                                                                      8d477b63bc5a56ae15314bda8dea7a3a

                                                                      SHA1

                                                                      3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                                      SHA256

                                                                      9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                                      SHA512

                                                                      44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                                                      Filesize

                                                                      145KB

                                                                      MD5

                                                                      32b43563e860a1797f9b5197b2893bec

                                                                      SHA1

                                                                      ef8125963e9382db994629865a929d9317e07b95

                                                                      SHA256

                                                                      a1b45513a6946b0d7b972429feb069ea6bb27670d3c5271db02455f26c451a69

                                                                      SHA512

                                                                      b8e299cac3b948f4af16544b558e9644f3402f9baca4f4a72a7074176b0507b5664fd92b2095e94d687323acec761f1f1899057364103199077e67216c05e6b2

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                      Filesize

                                                                      145KB

                                                                      MD5

                                                                      2b9beb2fdbc41afc48d68d32ef41dd08

                                                                      SHA1

                                                                      4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                                      SHA256

                                                                      977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                                      SHA512

                                                                      3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                                      Filesize

                                                                      51KB

                                                                      MD5

                                                                      3180c705182447f4bcc7ce8e2820b25d

                                                                      SHA1

                                                                      ad6486557819a33d3f29b18d92b43b11707aae6e

                                                                      SHA256

                                                                      5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                                      SHA512

                                                                      228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                                      Filesize

                                                                      12B

                                                                      MD5

                                                                      eca4e75e54ad1f7399e57c18580474ab

                                                                      SHA1

                                                                      28fbde46981fa9643dccc45f556f4b2eee0bba54

                                                                      SHA256

                                                                      8e8a22eb5f91f1f8fdcfa57e849fda18ff69dbdc3e9da179302673780f597331

                                                                      SHA512

                                                                      d9f0ce128adcc236d4f570de6d41c2c002a455f5e73ff3144ef66590e46f5867fc144465ea4050b790b697450c66b4ee595fda4cbbadba2940e6406b99835e48

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                      Filesize

                                                                      248KB

                                                                      MD5

                                                                      51ecaf32a6076ecfa733ffa645634756

                                                                      SHA1

                                                                      a5b7560e810f9482290c15eedec92731ab10bb41

                                                                      SHA256

                                                                      b2b04d4e08c152d0f43764efc14f155e76fa1fba58475188cbd3cdc92e51f457

                                                                      SHA512

                                                                      83222a1b9253364190b2733409190427a01fd05c173a7a04bede45642ddf8619fc10d1067e73fd110a4d83c9da82728ad1e83d35326bb2787d8b46c27fa797a9

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                                      Filesize

                                                                      1021B

                                                                      MD5

                                                                      51a41966b950af62998eee5043f543b0

                                                                      SHA1

                                                                      d4ce80134834a1f10d50a6cac3ca3a3e80ff1dc2

                                                                      SHA256

                                                                      f1461b023e02fac832979ebf9bfa59ee7043885c90fc8ee6f8077f07a1cb7097

                                                                      SHA512

                                                                      9c4ba08451116f92036ce24075a641eb5973b740bb876cb8ec7229dae10308364404f175b8abd1f0d6eefa73b9123fa857bf2c3b39577d767831444f99435936

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                                      Filesize

                                                                      109KB

                                                                      MD5

                                                                      308b8f226c9731513b42fb975a39dfdb

                                                                      SHA1

                                                                      95aad91d1c3e97b3f9af8d955f1ee761f3714a89

                                                                      SHA256

                                                                      fbbd3028ed6e373ffd489f441871b3bb336280d9dbef7adf4bb358c6b195fcda

                                                                      SHA512

                                                                      7abd7675d5f85b2eb6321e9e18c6ee4388898c77e88086bae183d348763a1ee2efda322dfe05a478c29b9cdbada4667455f0e5e70e9bae932268b1cab811278c

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                                      Filesize

                                                                      693KB

                                                                      MD5

                                                                      8e004ca7e38e44a7ff12d0b519a6b1c2

                                                                      SHA1

                                                                      aba81436ea4b88c4f662029e8e105e3fa1dde139

                                                                      SHA256

                                                                      623918f6cb0d86fed4499655308916db984a5ff69afb90975cdb40611cf6e0c0

                                                                      SHA512

                                                                      b7b6621ac35fc89f50167036552bc729140d474c7e776b9757c0cfacd4203f118540d382a571055c1e8ef83ff4f4a988fd850acbce902919e87f3de0c1db4018

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                      Filesize

                                                                      27KB

                                                                      MD5

                                                                      797c9554ec56fd72ebb3f6f6bef67fb5

                                                                      SHA1

                                                                      40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                                      SHA256

                                                                      7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                                      SHA512

                                                                      4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                      Filesize

                                                                      214KB

                                                                      MD5

                                                                      01807774f043028ec29982a62fa75941

                                                                      SHA1

                                                                      afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                                      SHA256

                                                                      9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                                      SHA512

                                                                      33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                      Filesize

                                                                      37KB

                                                                      MD5

                                                                      efb4712c8713cb05eb7fe7d87a83a55a

                                                                      SHA1

                                                                      c94d106bba77aecf88540807da89349b50ea5ae7

                                                                      SHA256

                                                                      30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                                      SHA512

                                                                      3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                                      Filesize

                                                                      3.5MB

                                                                      MD5

                                                                      723a7f489fb1861821fee5f5de0acba0

                                                                      SHA1

                                                                      ad76a8ec8cd52346c575894e08c458e1adf620b7

                                                                      SHA256

                                                                      0b1afe081f2e2aefdcf40cada67e79e287536999e99145748aeeb4f0010730f5

                                                                      SHA512

                                                                      b3ea87dd52d79b73b443154b71ea44da1ce86032bb4646d2a2813218e55113b3c1b854dc638229ecda370fa49863228dea1e86b6d455457095a9de865e25b0e1

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                      Filesize

                                                                      396KB

                                                                      MD5

                                                                      b5929e2ca0e402a373b633bb78d0414a

                                                                      SHA1

                                                                      38146d4f3ddca1b1e854bf638b7722356e5e2195

                                                                      SHA256

                                                                      d7b43a4807e1841b94353656fcfd45b69f7550adf137c56aefb85104883fb821

                                                                      SHA512

                                                                      65e02019656d61238b8fc784496eb6ccf238a5f6eff9b101893641cb45d9c63058cf67abb2bc75007e9e2726458115eb8e9ad9a4cf34a86435ea637dc78c3ea6

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      9e00fbf48a37fb8e6bd2fa749d37c3b8

                                                                      SHA1

                                                                      1f749942ccc686b9251a09e5cc2c737c4b3ae67e

                                                                      SHA256

                                                                      0ca5d64da3556a1af864af8734964fbd82e67b1294c645dee30fce73a1c73d2b

                                                                      SHA512

                                                                      74d98a577cdb6015f14c168136e0f201d0bd0977071a4d8634af18ea8aae1a4cb8769beae39aa0217a4eee0a6ba365173c2640f1c17e3106d83ff4ceea4e621b

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                      Filesize

                                                                      303KB

                                                                      MD5

                                                                      3599654fec6a32f214fcd3169886703b

                                                                      SHA1

                                                                      523dece93e47234d1a1d4030e0f2504c3d16158b

                                                                      SHA256

                                                                      06cabbb9f17822cfa44ac78e33ef2d6381b12cb013e7a462586450ea7c6f26ee

                                                                      SHA512

                                                                      88de39813a91bbcc50ab7c0602585a943a6dbdca2c5418bf758c3f21791c0c1307c9dffda5b508d00dbb4cf76090fd5166311d26ada798f40a60cf3f3cf31fa8

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                      Filesize

                                                                      53KB

                                                                      MD5

                                                                      8c105c1fdaac154d727df0ed34bca083

                                                                      SHA1

                                                                      3525fc304f7464876ec0bac3305d604e8a2340c9

                                                                      SHA256

                                                                      dd4b31b650621c6ee76bc65ef7d4a56901fc4d6629816e64c3fbe2539ea6d4e2

                                                                      SHA512

                                                                      47793671c67625a5595c09f87bcb592e403f9103a410a62d1e8d37b5d38ced47fb8efecb9fb7d55e5b41834923907af91aa8fbe884aecd73a888cfa7170fc9f4

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                                      Filesize

                                                                      333KB

                                                                      MD5

                                                                      745714d838c4d4f88c6e0db6a434f444

                                                                      SHA1

                                                                      90689ce709bf2464b678c7afa7b1e18f080d52bb

                                                                      SHA256

                                                                      e35302995dad1d5e4b7147d8763f7262500271cf01eac8edfa896b392ac7139f

                                                                      SHA512

                                                                      08cbfac0b604530108978c757ad8481c69ed62deac5520777bacee9751f3f260d2c3158609fd723819d8d6626c46b302fe7da7005efc09ab571871ac9d58a0ed

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                      Filesize

                                                                      70KB

                                                                      MD5

                                                                      e9b3a59f67febdd7f8fbe68d71c5d0ab

                                                                      SHA1

                                                                      22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                                                      SHA256

                                                                      bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                                                      SHA512

                                                                      00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                      Filesize

                                                                      50KB

                                                                      MD5

                                                                      5bb0687e2384644ea48f688d7e75377b

                                                                      SHA1

                                                                      44e4651a52517570894cfec764ec790263b88c4a

                                                                      SHA256

                                                                      963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                                      SHA512

                                                                      260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                      Filesize

                                                                      32KB

                                                                      MD5

                                                                      0308f32676d9211746048594a5bcb7c3

                                                                      SHA1

                                                                      5caf000789ba28a18de93a6ce536a352414fd871

                                                                      SHA256

                                                                      0c64ec6ff34865a8d2fc0e267ead43c8f70a6dc36ab476af6748797995f4bc43

                                                                      SHA512

                                                                      980248cf713fd9721f2a41aed19a227ad76c2bcbac928df70129b4e4441c62a00b5df5cda0a583cffd365424ea6a7625ded6132f89ed70aa61c851b90b2487d2

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                      Filesize

                                                                      60KB

                                                                      MD5

                                                                      99c72ae773f0e16818bc628e6c30272a

                                                                      SHA1

                                                                      901b18faa2eeb35946746bcf80a3ed7a67f6daab

                                                                      SHA256

                                                                      9159d0f626aebaca406d0ff9abfe19d6153f3d6eefbc1f831a48c17f4aea7a81

                                                                      SHA512

                                                                      f05b5884ab3f8b2c0960c2ccbb982555948d293fd37bd29df1157d40c138f1eed6fc94ac5a7d7a4fd098755e9d242d4da992d073ddffcc8f0c543e538b322633

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                                      Filesize

                                                                      588KB

                                                                      MD5

                                                                      17d74c03b6bcbcd88b46fcc58fc79a0d

                                                                      SHA1

                                                                      bc0316e11c119806907c058d62513eb8ce32288c

                                                                      SHA256

                                                                      13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                                      SHA512

                                                                      f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                                      Filesize

                                                                      219B

                                                                      MD5

                                                                      c22b80ffd7f09d3627e52a29bcb93ee7

                                                                      SHA1

                                                                      42e045e1dd6bc962bc7b3e7ca5bc0a459fc356bb

                                                                      SHA256

                                                                      36605732fc4c3ef6e435e6359fc0fb3ee4b4a8f1096abfdcf7280e3b16201460

                                                                      SHA512

                                                                      5f2489b57a68cf4656ad90e585f2c6af2d6b53b7fa87409e7525e06d2010e5c4de118dc71f7c4eff5d42202ca64d4da669af7592e1cf5a8057dc4e695e074c9c

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                                      Filesize

                                                                      9KB

                                                                      MD5

                                                                      1ef7574bc4d8b6034935d99ad884f15b

                                                                      SHA1

                                                                      110709ab33f893737f4b0567f9495ac60c37667c

                                                                      SHA256

                                                                      0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                                      SHA512

                                                                      947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                                      Filesize

                                                                      10KB

                                                                      MD5

                                                                      f512536173e386121b3ebd22aac41a4e

                                                                      SHA1

                                                                      74ae133215345beaebb7a95f969f34a40dda922a

                                                                      SHA256

                                                                      a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                                      SHA512

                                                                      1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                                      Filesize

                                                                      76KB

                                                                      MD5

                                                                      b40fe65431b18a52e6452279b88954af

                                                                      SHA1

                                                                      c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                                      SHA256

                                                                      800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                                      SHA512

                                                                      e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                                      Filesize

                                                                      80KB

                                                                      MD5

                                                                      3904d0698962e09da946046020cbcb17

                                                                      SHA1

                                                                      edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                                      SHA256

                                                                      a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                                      SHA512

                                                                      c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                                      Filesize

                                                                      96KB

                                                                      MD5

                                                                      fbdb799977eca6984b1b2e22795a2946

                                                                      SHA1

                                                                      6d49fc33388af94d503f90aaf837a2452abe5e15

                                                                      SHA256

                                                                      fbce3a436d10350a937e56230cc8f3cd85c57595e4c2b84cb6c66622b2da85d6

                                                                      SHA512

                                                                      20a75b3490236ec7a7f87f6d1292383f2b2bfadb3569df18c8b4c608e26d52a6b7e0fa35bf2ef1e560fef6359e20d6bcaecad44e4bb8ec5ba543c3f9267ba91b

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                      Filesize

                                                                      433B

                                                                      MD5

                                                                      cf5f69533151675ab4f248fbc8cdedeb

                                                                      SHA1

                                                                      eb736e17118ac79e341b49eb29ea04433e65e66f

                                                                      SHA256

                                                                      e774620005d8e57306dcad1f2b427044f0be3da21897de56258fed1f8c565486

                                                                      SHA512

                                                                      e9954bab77bc76a3b85bcd988f05356c8dfa1f109c5fd58e5f2d214ed266ddbc520159a416fbfb0a4e24133b143e873ee3d9e88d62db4c486403215d76394f84

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                      Filesize

                                                                      717B

                                                                      MD5

                                                                      ef0a07aec4367a64c16c581da2657aa9

                                                                      SHA1

                                                                      13011a5abcbadb3424fb6ecee560665556bb1d24

                                                                      SHA256

                                                                      f8c02541eba2fde1b29b3ce428cbb0f1913110d4bba9b52f7252f728e9fce987

                                                                      SHA512

                                                                      35cfaedb4e5f754dde69f4cef508bbd6127408c405baa5ee2e20104f9aaa1ff2a228f0bfa42d51dcd1006e026ce238bd7042906e449ca78ef91e4d00b08c5c46

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                                      Filesize

                                                                      7KB

                                                                      MD5

                                                                      362ce475f5d1e84641bad999c16727a0

                                                                      SHA1

                                                                      6b613c73acb58d259c6379bd820cca6f785cc812

                                                                      SHA256

                                                                      1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                                      SHA512

                                                                      7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
                                                                      Filesize

                                                                      1.3MB

                                                                      MD5

                                                                      40df7f2a02cdfa70ae76d70d21473428

                                                                      SHA1

                                                                      4baddbc082fdb197c77bc1c232be2881a82a7ec8

                                                                      SHA256

                                                                      f037309cf6b0174ba282106da31c141e3912486c69c438a53afe7ff589743dc2

                                                                      SHA512

                                                                      2522483e9d1b9fc20f14ffab3dcb2a9e5735a260e08e7196a05319076ad9b4d7a9fe94b28c52559022f003d2fe55ec5e4abcecb1b11f4000e804dae5b1c0126f

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software.zip
                                                                      Filesize

                                                                      1.6MB

                                                                      MD5

                                                                      0e716ebf03f2937d544ecd16508a2606

                                                                      SHA1

                                                                      13ea3144117ed76c3347d9e29cb4398c329c79d4

                                                                      SHA256

                                                                      57603d1a9b47fb699a5ec6747eaad408fff65f35bee665bdccff9d09334bd608

                                                                      SHA512

                                                                      4680687f19fa46d089b5c80c6b83d6822eb70a27ec9586a9d602ac14afda6a918b02adbc3567205378c0fea59715119acb5a32ea16366ebf48382553496ba763

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                                      Filesize

                                                                      1.8MB

                                                                      MD5

                                                                      5ed9543e9f5826ead203316ef0a8863d

                                                                      SHA1

                                                                      8235c0e7568ec42d6851c198adc76f006883eb4b

                                                                      SHA256

                                                                      33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                                      SHA512

                                                                      5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.runtimeconfig.json
                                                                      Filesize

                                                                      375B

                                                                      MD5

                                                                      e8d9109bd15637b1fbf349f9c7ff776f

                                                                      SHA1

                                                                      19762daa20afc8085ba6417a7215f1fe2d619f60

                                                                      SHA256

                                                                      c4a84cdd787cb31aaa46e8282f7d288f0641fdaa4252ac78979340131c8b9110

                                                                      SHA512

                                                                      5cc792c0cdf32c4c893eebc6651aabed7428d2f467b58d3b58ad21dfce9dd4ee0924257b4699297f6d41069f27829ce8b8a711642f3208981761b48382d68b74

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                                      Filesize

                                                                      1.1MB

                                                                      MD5

                                                                      9a9b1fd85b5f1dcd568a521399a0d057

                                                                      SHA1

                                                                      34ed149b290a3a94260d889ba50cb286f1795fa6

                                                                      SHA256

                                                                      88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                                      SHA512

                                                                      7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                                      Filesize

                                                                      673KB

                                                                      MD5

                                                                      4273b6b6cf5856ffbed8ccbb31328892

                                                                      SHA1

                                                                      cbd8196a984b7da22ec10f4c1b3c835a384a395e

                                                                      SHA256

                                                                      f8853371616211c2eb21b999dbd4907c005183b34f67f06f3b4acfbf75093df6

                                                                      SHA512

                                                                      ae11669a9c28d820a7779713fb071a7c07fdbc2199312ea7ad6d61bc3b37e11be8fca720796d982a5eccc1b273a53fd37b9590e118d6101a71f01f3eada358d5

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                                      Filesize

                                                                      321KB

                                                                      MD5

                                                                      d3901e62166e9c42864fe3062cb4d8d5

                                                                      SHA1

                                                                      c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                                      SHA256

                                                                      dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                                      SHA512

                                                                      ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                                      Filesize

                                                                      814KB

                                                                      MD5

                                                                      9b1f97a41bfb95f148868b49460d9d04

                                                                      SHA1

                                                                      768031d5e877e347a249dfdeab7c725df941324b

                                                                      SHA256

                                                                      09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                                      SHA512

                                                                      9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                                      Filesize

                                                                      1.2MB

                                                                      MD5

                                                                      e74d2a16da1ddb7f9c54f72b8a25897c

                                                                      SHA1

                                                                      32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                                      SHA256

                                                                      a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                                      SHA512

                                                                      52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
                                                                      Filesize

                                                                      12B

                                                                      MD5

                                                                      b2d5d511002960697118598e9233b21d

                                                                      SHA1

                                                                      9f0c9252594d590e47027d9fb6afc34abbd3d6f1

                                                                      SHA256

                                                                      a7a70e5be36672e698230c01904255958bf3e5d81bb5655ffc8dc9221b6134be

                                                                      SHA512

                                                                      d773d1c77c59c51270ec4f1357ae227e81ca599a98798001ad2c587f1b54877501128a9895ebdc47a5d0a0372a2804ecdc9fb9b47f1ea53607c54eb74a4a7dd7

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      b4a865268d5aca5f93bab91d7d83c800

                                                                      SHA1

                                                                      95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                                      SHA256

                                                                      5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                                      SHA512

                                                                      c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      d4b4c7e9db5bbd9df9982d8eada0164e

                                                                      SHA1

                                                                      69d2e821a763a61f468aa31863d92e583bda596e

                                                                      SHA256

                                                                      81354f56ea1e92c30209274e2b5b90321d4801e2225a306255f08b836f2523f4

                                                                      SHA512

                                                                      e4e5dfcf34959bfad84e73d60f0e1d92b0ed43f0cedfea64347df79103615040d0472886e854556c61592b5b7fb93f29c538eb32813a1ed1fbb143752a1b3bfa

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      b40ef7bca97f936506d369f44cd78a9e

                                                                      SHA1

                                                                      db0cd26245a4d9aa25e7da4762e0638da99a0805

                                                                      SHA256

                                                                      bf1491a7f28138583d28512b34c8bea6aa11d91094c9457eb5fecb31d6885bf1

                                                                      SHA512

                                                                      f6952ee5d394a6d233eaa6d41e049a6fee41ec633f38ccb61113b19022484729842a0890acb320f5c370c4dc068b1613229512c19c2f5456c3a0b6be7a81990f

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                                      Filesize

                                                                      2.8MB

                                                                      MD5

                                                                      a5b275a4daa8669700b6e9ce1e2c41d8

                                                                      SHA1

                                                                      85a982c682d19623010e9d595dbde72fba738161

                                                                      SHA256

                                                                      cf789fc90c44cb5064de670816131a12cd855c65a735da0f0210e2ca62697e4c

                                                                      SHA512

                                                                      e18d194855e459a7f7c06a0d2d2f205084f4f5d410b2b8c09db194198a959519b22c892fd712ed2ee3437c4a90f4e76a5c3c48e8f775c612c48981e8c0cdf1e8

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                                      Filesize

                                                                      1.1MB

                                                                      MD5

                                                                      bccad70b35abf4bdd51d2cabe9e2a114

                                                                      SHA1

                                                                      2d255cb7170b6b592b4849fb9f00b0add0a99c48

                                                                      SHA256

                                                                      6d25105508b5e94af634d97f1751b9926adcbc5ad86f3bc2d79d26c4712d1c06

                                                                      SHA512

                                                                      394de4ffe8a9fcf9e4ca6038b3579dc04a6f1c15e8cb3428b10540726aaf563073a893efb14dba1d109af15994a0bf1370a0cd53de5a8c759ee123ed362e0b29

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                                      Filesize

                                                                      541B

                                                                      MD5

                                                                      d0efb0a6d260dbe5d8c91d94b77d7acd

                                                                      SHA1

                                                                      e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                                      SHA256

                                                                      7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                                      SHA512

                                                                      a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                                      Filesize

                                                                      12B

                                                                      MD5

                                                                      880d31390a25de6a9cd34463b46c75e6

                                                                      SHA1

                                                                      837af65938c9606b5de3c6f2195fc3e855554cd7

                                                                      SHA256

                                                                      425adf50cf113d68bd6aa8dc1015db43422bbc1c977933d5f8c1ecaabf18eb2e

                                                                      SHA512

                                                                      8e9dd066ff73625a5a55d1ece5ba1e4fb248ab14a32880a3d4d86266176cb4f1c61f8301e1ff49839c283affe877b9fbcd3bc2b9763c08b0b63ba56023c2282b

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                                      Filesize

                                                                      670KB

                                                                      MD5

                                                                      96e50bbca30d75af7b8b40acf8dda817

                                                                      SHA1

                                                                      4b1255280dff8de8b7be47def58f83f6ec39ded6

                                                                      SHA256

                                                                      a3ad00ccb61bc87d58eb7977f68130b78a0b95e74d61e6a4624ac114ccde5736

                                                                      SHA512

                                                                      0034c08cb878b703f272e3fd2734bb928ff1bdba85cf79a151519b019c83bd4d199c80af0aa30db28ef82f7ee68a9d59dcaede92f83bfe8787f6a5d4d5e9817c

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                                      Filesize

                                                                      3.1MB

                                                                      MD5

                                                                      9c8eb5e114c1446f78f1312256ab61e4

                                                                      SHA1

                                                                      6b820d9158359687e52878d72b6121b295ad6ffd

                                                                      SHA256

                                                                      3f5eef6b6777c84ebd4d957bf7c0ab096614554453339327286f7535dcc480f5

                                                                      SHA512

                                                                      2f8c831a7e75ce92fdbe005cd5bd7213850a4f8937ded0712210c69b8e1748732a6222ba5ec26ce9c2ee73b2a3b6e391551bf09b3db2914be5c7096ae7565c9c

                                                                      Download Submit

                                                                    • C:\Program Files\dotnet\dotnet.exe
                                                                      Filesize

                                                                      143KB

                                                                      MD5

                                                                      71026b098f8fb39c88b003df746d9fa0

                                                                      SHA1

                                                                      013ca259f551ad6f33db53fff0e121e74408e20e

                                                                      SHA256

                                                                      11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                                      SHA512

                                                                      9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                                      Download Submit

                                                                    • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\2b4ca70874a9e65d2e80c175203473c7
                                                                      Filesize

                                                                      16KB

                                                                      MD5

                                                                      b2e89027a140a89b6e3eb4e504e93d96

                                                                      SHA1

                                                                      f3b1b34874b73ae3032decb97ef96a53a654228f

                                                                      SHA256

                                                                      5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                                      SHA512

                                                                      93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                      Filesize

                                                                      471B

                                                                      MD5

                                                                      290e260863726e0dfc70429f7c748fe3

                                                                      SHA1

                                                                      764a481bae3b550f170dea84c8ac979eeffe3c63

                                                                      SHA256

                                                                      c60adc10c629afa7a22a8d9b98f1224cbb3cc7b8f9cc4399b7e98b693b3a1060

                                                                      SHA512

                                                                      8f5727ac9659fdc615f7e7a5fd5f64758a77c34c35b2e783a68b13a06c7871b9d744cb33649d183375e969359b35c3472c93f6c86eb2f1572cc7a0577ae621bf

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                                      Filesize

                                                                      727B

                                                                      MD5

                                                                      dc51fefcb17d7403d7bb44041b3dc713

                                                                      SHA1

                                                                      f79d84c234d0582bde296c0a0f44248e5fab22ae

                                                                      SHA256

                                                                      286ed5eea2c9d736b117a5d2a13c77d9b9f62e39d1b062e43587347a71ad6bf3

                                                                      SHA512

                                                                      0df68035bfbcc8225480574cdd6fa8b551fedb5a9e8312e903c224f3f313b41b1f5110b56371aefc5aa073f4be7177f6ff1204a95ca833cea316ec4212cce136

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                      Filesize

                                                                      727B

                                                                      MD5

                                                                      e272717afaaca7a366e4a7188798038c

                                                                      SHA1

                                                                      777a11c8db0d2babe0995bc69b088912f02074d9

                                                                      SHA256

                                                                      c49731b00ec0ec46dfbe8d646820951c1ed2ca974c6ecf2fe2493c152d55a973

                                                                      SHA512

                                                                      cc9d1820d7b1262231c8b988917be19ef96b9972003c1c8a6a7a915386270b2d508db06ac86a1dfe25f6ca90c82463672ad302222c0589ec1a1865b7cc6e7aa2

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                      Filesize

                                                                      400B

                                                                      MD5

                                                                      8a924c1cb9a527799a4b0799f886b36d

                                                                      SHA1

                                                                      8826c2fc5d521405232e5172f4e53106fcfb592b

                                                                      SHA256

                                                                      a17afcea2dfbca875a60a8652a4be7d4696dddbef596b8f30aeaf7c084504ac8

                                                                      SHA512

                                                                      9bceae101bfd3968684f65f9adf43322087c01a66ad6cb0e33db4df2c17260d4940d2b3de4f1856c4fadd9d962f174b2dcee894f6ac40d2e636cc0a70aa14c0f

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                                      Filesize

                                                                      412B

                                                                      MD5

                                                                      47375f8340feb4447cbe265d588d50e4

                                                                      SHA1

                                                                      69d47b027ccf565b70fad5e1f3fe88ce1e7853c3

                                                                      SHA256

                                                                      47a88155d13e9b1c7580b858cf8216f5fb789d1c0354e7998a52ff4003f45405

                                                                      SHA512

                                                                      49e34863419a8ab6f7c2a9c329c9f44043abc852ec1c200092f517e42a7246d7cc16609bd09f5ece9a00f332ee33d6a7180200faec60be36a1c261685a97c2ba

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                      Filesize

                                                                      412B

                                                                      MD5

                                                                      ff0d9caaf5aaa332a640d49d339b1966

                                                                      SHA1

                                                                      f27c51c8963c1b6679728737fa0452ed8a00d627

                                                                      SHA256

                                                                      a450090ee794ee4a9cb913045988e32ad522f404770706c8f536cd1637cc7875

                                                                      SHA512

                                                                      37f407408e8d95e34f9ebc3b6f6ad1a377ebf055f221a101964cbdfe88761ab59c6d701bcaf8eb2da8d70eb5fef3e0bddaf3c60c846fd98706d8b0e3a56631ad

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                                      Filesize

                                                                      651B

                                                                      MD5

                                                                      9bbfe11735bac43a2ed1be18d0655fe2

                                                                      SHA1

                                                                      61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                                      SHA256

                                                                      549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                                      SHA512

                                                                      a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSI2F37.tmp
                                                                      Filesize

                                                                      4.5MB

                                                                      MD5

                                                                      08211c29e0d617a579ffa2c41bde1317

                                                                      SHA1

                                                                      4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                                      SHA256

                                                                      3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                                      SHA512

                                                                      d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSI8952.tmp-\System.Management.dll
                                                                      Filesize

                                                                      60KB

                                                                      MD5

                                                                      878e361c41c05c0519bfc72c7d6e141c

                                                                      SHA1

                                                                      432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                                      SHA256

                                                                      24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                                      SHA512

                                                                      59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSI9B17.tmp
                                                                      Filesize

                                                                      509KB

                                                                      MD5

                                                                      88d29734f37bdcffd202eafcdd082f9d

                                                                      SHA1

                                                                      823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                                      SHA256

                                                                      87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                                      SHA512

                                                                      1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSI9B17.tmp-\AlphaControlAgentInstallation.dll
                                                                      Filesize

                                                                      25KB

                                                                      MD5

                                                                      aa1b9c5c685173fad2dabebeb3171f01

                                                                      SHA1

                                                                      ed756b1760e563ce888276ff248c734b7dd851fb

                                                                      SHA256

                                                                      e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                                      SHA512

                                                                      d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSI9B17.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                                      Filesize

                                                                      179KB

                                                                      MD5

                                                                      1a5caea6734fdd07caa514c3f3fb75da

                                                                      SHA1

                                                                      f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                                      SHA256

                                                                      cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                                      SHA512

                                                                      a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSI9EE1.tmp-\CustomAction.config
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      bc17e956cde8dd5425f2b2a68ed919f8

                                                                      SHA1

                                                                      5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                                      SHA256

                                                                      e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                                      SHA512

                                                                      02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSI9EE1.tmp-\Newtonsoft.Json.dll
                                                                      Filesize

                                                                      695KB

                                                                      MD5

                                                                      715a1fbee4665e99e859eda667fe8034

                                                                      SHA1

                                                                      e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                                      SHA256

                                                                      c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                                      SHA512

                                                                      bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIA4C0.tmp
                                                                      Filesize

                                                                      211KB

                                                                      MD5

                                                                      a3ae5d86ecf38db9427359ea37a5f646

                                                                      SHA1

                                                                      eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                                      SHA256

                                                                      c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                                      SHA512

                                                                      96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIC706.tmp
                                                                      Filesize

                                                                      219KB

                                                                      MD5

                                                                      928f4b0fc68501395f93ad524a36148c

                                                                      SHA1

                                                                      084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                                      SHA256

                                                                      2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                                      SHA512

                                                                      7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                                      Download Submit

                                                                    • C:\Windows\Installer\e579a9a.msi
                                                                      Filesize

                                                                      2.9MB

                                                                      MD5

                                                                      e52455d67d3d45211aae128bda4f57e9

                                                                      SHA1

                                                                      6d1a56218a110cb0bd5539f946fa0055ac0962ae

                                                                      SHA256

                                                                      7261e0c3d40bcaab476d265d98935c23379e2536e459503f27ecda30180db7d9

                                                                      SHA512

                                                                      c513dee257778c82cab976c10cb64c0d79e4d1f440b14d931a0996257b04770ca36b1620ad0ae70dae93ed517a0e97e08d65f9235479fa0a34c412bfe252851b

                                                                      Download Submit

                                                                    • C:\Windows\Installer\e579ab6.msi
                                                                      Filesize

                                                                      26.3MB

                                                                      MD5

                                                                      b9c6d23462adef092b8a5b7880531b03

                                                                      SHA1

                                                                      9e8c4f7f48d38fb54a93789a583852869c074f2d

                                                                      SHA256

                                                                      2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                                                      SHA512

                                                                      18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                                                      Download Submit

                                                                    • C:\Windows\Installer\e579ab7.msi
                                                                      Filesize

                                                                      772KB

                                                                      MD5

                                                                      d73de5788ab129f16afdd990d8e6bfa9

                                                                      SHA1

                                                                      88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                                      SHA256

                                                                      4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                                      SHA512

                                                                      bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{91047e65-3a1d-5d40-8e83-de1cfdd95eec}\lci_proxywddm.cat
                                                                      Filesize

                                                                      12KB

                                                                      MD5

                                                                      8e16d54f986dbe98812fd5ec04d434e8

                                                                      SHA1

                                                                      8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                                      SHA256

                                                                      7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                                      SHA512

                                                                      e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{91047e65-3a1d-5d40-8e83-de1cfdd95eec}\lci_proxywddm.inf
                                                                      Filesize

                                                                      2KB

                                                                      MD5

                                                                      0315a579f5afe989154cb7c6a6376b05

                                                                      SHA1

                                                                      e352ff670358cf71e0194918dfe47981e9ccbb88

                                                                      SHA256

                                                                      d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                                      SHA512

                                                                      c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{91047e65-3a1d-5d40-8e83-de1cfdd95eec}\x64\lci_proxyumd.dll
                                                                      Filesize

                                                                      179KB

                                                                      MD5

                                                                      4dc11547a5fc28ca8f6965fa21573481

                                                                      SHA1

                                                                      d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                                      SHA256

                                                                      e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                                      SHA512

                                                                      bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{91047e65-3a1d-5d40-8e83-de1cfdd95eec}\x64\lci_proxyumd32.dll
                                                                      Filesize

                                                                      135KB

                                                                      MD5

                                                                      67ae7b2c36c9c70086b9d41b4515b0a8

                                                                      SHA1

                                                                      ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                                      SHA256

                                                                      79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                                      SHA512

                                                                      4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{91047e65-3a1d-5d40-8e83-de1cfdd95eec}\x64\lci_proxywddm.sys
                                                                      Filesize

                                                                      119KB

                                                                      MD5

                                                                      b9b0e9b4d93b18b99ece31a819d71d00

                                                                      SHA1

                                                                      2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                                      SHA256

                                                                      0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                                      SHA512

                                                                      465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{cf63ade5-c16c-4542-b8d7-101ffc89c05e}\lci_iddcx.cat
                                                                      Filesize

                                                                      10KB

                                                                      MD5

                                                                      62458e58313475c9a3642a392363e359

                                                                      SHA1

                                                                      e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                                      SHA256

                                                                      85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                                      SHA512

                                                                      49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{cf63ade5-c16c-4542-b8d7-101ffc89c05e}\lci_iddcx.inf
                                                                      Filesize

                                                                      4KB

                                                                      MD5

                                                                      1cec22ca85e1b5a8615774fca59a420b

                                                                      SHA1

                                                                      049a651751ef38321a1088af6a47c4380f9293fc

                                                                      SHA256

                                                                      60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                                      SHA512

                                                                      0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{cf63ade5-c16c-4542-b8d7-101ffc89c05e}\x64\lci_iddcx.dll
                                                                      Filesize

                                                                      52KB

                                                                      MD5

                                                                      01e8bc64139d6b74467330b11331858d

                                                                      SHA1

                                                                      b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                                      SHA256

                                                                      148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                                      SHA512

                                                                      4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                                      Download Submit

                                                                    • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-09-11-06.dat
                                                                      Filesize

                                                                      602B

                                                                      MD5

                                                                      9ad479f390b5ce5670402ca638dfc8b8

                                                                      SHA1

                                                                      4d8612ce62dbe6f3492f3dca04e21aa01dd03c81

                                                                      SHA256

                                                                      be4901c16e61b9ff2561a54051c2befc50e6c810bacf86408b26466d34bd11ce

                                                                      SHA512

                                                                      bd9809a6a0bd3f428c96b3522af238851e6665d934a536427bcaade0cd3559b2f5eaad9e98d48bcbfb9b170b43dff057f3cb2bd40e2e4b3d247c94b1d6b62480

                                                                      Download Submit

                                                                    • C:\Windows\Temp\InstallUtil.log
                                                                      Filesize

                                                                      4KB

                                                                      MD5

                                                                      7adf92bb86b0d39b143889f650b786dc

                                                                      SHA1

                                                                      31594ce976697601ea22bff95cf75caef5c67365

                                                                      SHA256

                                                                      5520c90ec12e9f0d08a1e34326a50b0920c50b981f14bd0ffbc90c62a7cd9c28

                                                                      SHA512

                                                                      8425e474092952f3f54611c638d607db360b0842c3da19d78383dcfef8170274c83f28c942cfa83afd4bae8e156d3c7c14127d0ecc6e16816afde01a27ecf9fa

                                                                      Download Submit

                                                                    • C:\Windows\Temp\InstallUtil.log
                                                                      Filesize

                                                                      708B

                                                                      MD5

                                                                      9a9366e37ceb72d3dd83ab41627fd9d1

                                                                      SHA1

                                                                      5a37d67d53c600be4ee2c4abb800dc9f370560eb

                                                                      SHA256

                                                                      38a1827825f53daf54f4308a67943bc138638a0dee6c0274963d331731e91a2a

                                                                      SHA512

                                                                      320b11aec365d13d522527cd678834c2f071f9e266592b54527c1801894dd2eeb9b4380f5e4c45dac014fb33942d222499cbe1830e2001ceed8dc84224273ed4

                                                                      Download Submit

                                                                    • C:\Windows\Temp\__PSScriptPolicyTest_v5nmq0ly.bk5.ps1
                                                                      Filesize

                                                                      60B

                                                                      MD5

                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                      SHA1

                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                      SHA256

                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                      SHA512

                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                      Download Submit

                                                                    • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                      Filesize

                                                                      3.2MB

                                                                      MD5

                                                                      2c18826adf72365827f780b2a1d5ea75

                                                                      SHA1

                                                                      a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                                      SHA256

                                                                      ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                                      SHA512

                                                                      474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{055FFD3F-2D64-4C57-8356-AB3BB395CF8C}\.ba\BootstrapperApplicationData.xml
                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      4487aea1acc637f079c0b95cc52556ce

                                                                      SHA1

                                                                      dc4dcc5bd9824e212ab4439632f8d79e5bfcb34f

                                                                      SHA256

                                                                      062c872144b676d3557be20f17acaf98eb0015b135576f3b30a966bc9e0df4ff

                                                                      SHA512

                                                                      8f8915bbc50e14df1969b3e20df22dc968847e0a15aa6a85b7f1d6dbb2f3fbc87c1018d0605292d64d4d3405d74ea6e904bcea04ec060f3589443005ec997311

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{055FFD3F-2D64-4C57-8356-AB3BB395CF8C}\.ba\thm.xml
                                                                      Filesize

                                                                      11KB

                                                                      MD5

                                                                      03cf60952e7b59460fd22807e8cb28e1

                                                                      SHA1

                                                                      5f4454019c5f33059ae53522ffb534eef815a5f5

                                                                      SHA256

                                                                      af7c42ac777b45751763bceaf8604fa5b842b096da4d1370158a1c3422713555

                                                                      SHA512

                                                                      bfb3c642759522cd4fd8c784909e97c38e6c44cced11d70167d0e243d8da12555a94aa2cd9978745849fa5233a1915485d3e1cb011d985c92a115e44a11b7140

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{82BAFB0D-6FCE-494E-A2FC-29B88AB631B9}\.ba\bg.png
                                                                      Filesize

                                                                      4KB

                                                                      MD5

                                                                      9eb0320dfbf2bd541e6a55c01ddc9f20

                                                                      SHA1

                                                                      eb282a66d29594346531b1ff886d455e1dcd6d99

                                                                      SHA256

                                                                      9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                                      SHA512

                                                                      9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{82BAFB0D-6FCE-494E-A2FC-29B88AB631B9}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                                      Filesize

                                                                      607KB

                                                                      MD5

                                                                      669de3ab32955e69decfe13a3c89891e

                                                                      SHA1

                                                                      ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                                      SHA256

                                                                      2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                                      SHA512

                                                                      be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{92C8163D-184A-44E6-AD49-EE9F933F06AD}\.ba\1033\thm.wxl
                                                                      Filesize

                                                                      5KB

                                                                      MD5

                                                                      34d0c531eed48550be3d877290ad2553

                                                                      SHA1

                                                                      7983955032f9e7d2ee72cabc644a14c892a92289

                                                                      SHA256

                                                                      0d2abde2e4974cc8b7231f017975180d67592ee6d3418cd6dc52e2bc4bf03e50

                                                                      SHA512

                                                                      0c9d916ac420c6a27e723d8bab2db80372cc6303c79a6e1c3b2bd462711b711f2cc45fae43ceb2ce603708c884b0ec6bb7217981ef2a03e0fc3e6c6916716e7a

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{92C8163D-184A-44E6-AD49-EE9F933F06AD}\.ba\wixstdba.dll
                                                                      Filesize

                                                                      190KB

                                                                      MD5

                                                                      f1919c6bd85d7a78a70c228a5b227fbe

                                                                      SHA1

                                                                      71647ebf4e7bed3bc1663d520419ac550fe630ff

                                                                      SHA256

                                                                      dcea15f3710822ffc262e62ec04cc7bbbf0f33f5d1a853609fbfb65cb6a45640

                                                                      SHA512

                                                                      c7ff9b19c9bf320454a240c6abbc382950176a6befce05ea73150eeb0085d0b6ed5b65b2dcb4b04621ef9cca1d5c4e59c6682b9c85d1d5845e5ce3e5eedfd2eb

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\ISRT.dll
                                                                      Filesize

                                                                      427KB

                                                                      MD5

                                                                      85315ad538fa5af8162f1cd2fce1c99d

                                                                      SHA1

                                                                      31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                                      SHA256

                                                                      70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                                      SHA512

                                                                      877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{AEC0BE90-488D-452A-A2C6-15B2B18558F5}\_isres_0x0409.dll
                                                                      Filesize

                                                                      1.8MB

                                                                      MD5

                                                                      befe2ef369d12f83c72c5f2f7069dd87

                                                                      SHA1

                                                                      b89c7f6da1241ed98015dc347e70322832bcbe50

                                                                      SHA256

                                                                      9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                                      SHA512

                                                                      760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\IsConfig.ini
                                                                      Filesize

                                                                      571B

                                                                      MD5

                                                                      d239b8964e37974225ad69d78a0a8275

                                                                      SHA1

                                                                      cf208e98a6f11d1807cd84ca61504ad783471679

                                                                      SHA256

                                                                      0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                                      SHA512

                                                                      88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\String1033.txt
                                                                      Filesize

                                                                      182KB

                                                                      MD5

                                                                      99bbffd900115fe8672c73fb1a48a604

                                                                      SHA1

                                                                      8f587395fa6b954affef337c70781ce00913950e

                                                                      SHA256

                                                                      57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                                      SHA512

                                                                      d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\_is23FF.exe
                                                                      Filesize

                                                                      179KB

                                                                      MD5

                                                                      7a1c100df8065815dc34c05abc0c13de

                                                                      SHA1

                                                                      3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                                      SHA256

                                                                      e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                                      SHA512

                                                                      bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{ED3F14AE-6246-45D1-993D-A2FB55FB5535}\setup.inx
                                                                      Filesize

                                                                      345KB

                                                                      MD5

                                                                      0376dd5b7e37985ea50e693dc212094c

                                                                      SHA1

                                                                      02859394164c33924907b85ab0aaddc628c31bf1

                                                                      SHA256

                                                                      c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                                      SHA512

                                                                      69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                                      Download Submit

                                                                    • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                      Filesize

                                                                      412B

                                                                      MD5

                                                                      90a19d44466368e2e9993aa662b90613

                                                                      SHA1

                                                                      311476733136a3dd97265ff3911c69a5e421aba6

                                                                      SHA256

                                                                      bbd74e4d2bbabd7c55f4acdca325d8b54308180d57b48f246cacef7fafe69374

                                                                      SHA512

                                                                      d8d411794d1f9da5c7a3544fa9123f64f29be119161c111aef0855874dd5de527d739c41fddac27d6e8f19bb02e39fddc4e50e8868a7172f8c0f8158440e6863

                                                                      Download Submit

                                                                    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                                      Filesize

                                                                      24.1MB

                                                                      MD5

                                                                      60e69aa73ff88c2339c2eaead49d2b34

                                                                      SHA1

                                                                      33dd4c2924d8ce7e35d2283eae4f35c6f4ff060e

                                                                      SHA256

                                                                      7a7eae70f184adec0fc8b9e8edb128d2d5a6709cec458f113e846bf8f8f1dd03

                                                                      SHA512

                                                                      6af891d41eaa318ef8e3c4ccd3159e80c973ba522f72d595c33da0d02794e5ce475d5436d642228d5f4016833b2cd161b7ccb435c7502cf25665cbb9af6a22d2

                                                                      Download Submit

                                                                    • \??\Volume{2c8433d4-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{13f0f909-5945-40e2-b499-7600e3ef44bd}_OnDiskSnapshotProp
                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      532e7d160fc0c01dccea0d692b7cf036

                                                                      SHA1

                                                                      37005c4e3414d59acb9b71c9bf7c9553c2994106

                                                                      SHA256

                                                                      5cb12620a1cba932d034428759ea44e7e1f1944454647a55b16f1a230b053415

                                                                      SHA512

                                                                      f8747c471cb725921a2c8d71cd045ad9b631f4259f8c0fb5b70d4332f82535bb4d8215bfe07b586e946ad058a3e1e453d8654277cc901c0f479155d4d3b75667

                                                                      Download Submit

                                                                    • memory/228-1990-0x000001DB64D40000-0x000001DB64DF2000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/228-1996-0x000001DB65700000-0x000001DB65748000-memory.dmp

                                                                      Filesize

                                                                      288KB

                                                                      Download

                                                                    • memory/228-1991-0x000001DB4C4D0000-0x000001DB4C4EC000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/228-1896-0x000001DB4BAD0000-0x000001DB4BB0A000-memory.dmp

                                                                      Filesize

                                                                      232KB

                                                                      Download

                                                                    • memory/1052-380-0x000001809CA30000-0x000001809CA6A000-memory.dmp

                                                                      Filesize

                                                                      232KB

                                                                      Download

                                                                    • memory/1052-373-0x000001809C7E0000-0x000001809C8BC000-memory.dmp

                                                                      Filesize

                                                                      880KB

                                                                      Download

                                                                    • memory/1052-379-0x000001809C740000-0x000001809C76A000-memory.dmp

                                                                      Filesize

                                                                      168KB

                                                                      Download

                                                                    • memory/1052-370-0x000001809C540000-0x000001809C588000-memory.dmp

                                                                      Filesize

                                                                      288KB

                                                                      Download

                                                                    • memory/1052-369-0x000001809C4F0000-0x000001809C53C000-memory.dmp

                                                                      Filesize

                                                                      304KB

                                                                      Download

                                                                    • memory/1052-366-0x0000018083C30000-0x0000018083C4C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/1052-364-0x0000018083DC0000-0x0000018083E0A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/1052-363-0x0000018083390000-0x00000180833F6000-memory.dmp

                                                                      Filesize

                                                                      408KB

                                                                      Download

                                                                    • memory/1052-377-0x000001809C700000-0x000001809C708000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/1052-372-0x0000018083C50000-0x0000018083C5A000-memory.dmp

                                                                      Filesize

                                                                      40KB

                                                                      Download

                                                                    • memory/1052-371-0x00000180837B0000-0x00000180837B8000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/1052-376-0x000001809C590000-0x000001809C598000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/1052-381-0x000001809C7B0000-0x000001809C7D6000-memory.dmp

                                                                      Filesize

                                                                      152KB

                                                                      Download

                                                                    • memory/1052-375-0x0000018083E10000-0x0000018083E18000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/1052-374-0x000001809C8C0000-0x000001809C972000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/1052-378-0x000001809C980000-0x000001809C9E8000-memory.dmp

                                                                      Filesize

                                                                      416KB

                                                                      Download

                                                                    • memory/1120-43-0x00000000049E0000-0x00000000049EC000-memory.dmp

                                                                      Filesize

                                                                      48KB

                                                                      Download

                                                                    • memory/1120-39-0x00000000049F0000-0x0000000004A1E000-memory.dmp

                                                                      Filesize

                                                                      184KB

                                                                      Download

                                                                    • memory/1404-924-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/1404-927-0x0000000003BA0000-0x0000000003D67000-memory.dmp

                                                                      Filesize

                                                                      1.8MB

                                                                      Download

                                                                    • memory/1404-1031-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/1404-536-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/1404-505-0x0000000003B60000-0x0000000003D27000-memory.dmp

                                                                      Filesize

                                                                      1.8MB

                                                                      Download

                                                                    • memory/1404-502-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/1404-1067-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/1508-1987-0x0000022ADF010000-0x0000022ADF0EC000-memory.dmp

                                                                      Filesize

                                                                      880KB

                                                                      Download

                                                                    • memory/1508-1968-0x0000022AC6160000-0x0000022AC61AA000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/1508-1967-0x0000022AC5BD0000-0x0000022AC5BE0000-memory.dmp

                                                                      Filesize

                                                                      64KB

                                                                      Download

                                                                    • memory/1508-1969-0x0000022AC5F80000-0x0000022AC5F9C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/1508-1998-0x0000022AC6570000-0x0000022AC6622000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/1576-1156-0x00000000731C0000-0x00000000732DC000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/1576-1157-0x0000000072DF0000-0x00000000731BD000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/1576-1241-0x00000000731C0000-0x00000000732DC000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/1576-1242-0x0000000072DF0000-0x00000000731BD000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/1576-1482-0x0000000072DF0000-0x00000000731BD000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/1576-1481-0x00000000731C0000-0x00000000732DC000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/2068-1986-0x00000000731C0000-0x00000000732DC000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/2068-1942-0x0000000072DF0000-0x00000000731BD000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/2068-1988-0x0000000072DF0000-0x00000000731BD000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/2068-1941-0x00000000731C0000-0x00000000732DC000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/2828-1369-0x000001B3E0590000-0x000001B3E059C000-memory.dmp

                                                                      Filesize

                                                                      48KB

                                                                      Download

                                                                    • memory/2828-1402-0x000001B3E0A40000-0x000001B3E0A58000-memory.dmp

                                                                      Filesize

                                                                      96KB

                                                                      Download

                                                                    • memory/2828-1403-0x000001B3F9750000-0x000001B3F9802000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/2828-1407-0x000001B3E0C10000-0x000001B3E0C30000-memory.dmp

                                                                      Filesize

                                                                      128KB

                                                                      Download

                                                                    • memory/2852-1901-0x0000019DAFF70000-0x0000019DAFFBA000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/2852-1842-0x0000019DAF6C0000-0x0000019DAF6CC000-memory.dmp

                                                                      Filesize

                                                                      48KB

                                                                      Download

                                                                    • memory/2852-1957-0x0000019DAFEF0000-0x0000019DAFF0C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/2852-2002-0x0000019DC8A10000-0x0000019DC8AC0000-memory.dmp

                                                                      Filesize

                                                                      704KB

                                                                      Download

                                                                    • memory/2972-284-0x000002104ECD0000-0x000002104ED82000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/2972-286-0x0000021036050000-0x0000021036070000-memory.dmp

                                                                      Filesize

                                                                      128KB

                                                                      Download

                                                                    • memory/2972-281-0x0000021035B50000-0x0000021035B92000-memory.dmp

                                                                      Filesize

                                                                      264KB

                                                                      Download

                                                                    • memory/3232-165-0x0000027958D00000-0x0000027958D3C000-memory.dmp

                                                                      Filesize

                                                                      240KB

                                                                      Download

                                                                    • memory/3232-164-0x00000279403A0000-0x00000279403B2000-memory.dmp

                                                                      Filesize

                                                                      72KB

                                                                      Download

                                                                    • memory/3232-160-0x0000027958DA0000-0x0000027958E38000-memory.dmp

                                                                      Filesize

                                                                      608KB

                                                                      Download

                                                                    • memory/3232-148-0x000002793E7D0000-0x000002793E7F8000-memory.dmp

                                                                      Filesize

                                                                      160KB

                                                                      Download

                                                                    • memory/3392-80-0x0000000004E10000-0x0000000005164000-memory.dmp

                                                                      Filesize

                                                                      3.3MB

                                                                      Download

                                                                    • memory/3392-79-0x0000000004CE0000-0x0000000004D02000-memory.dmp

                                                                      Filesize

                                                                      136KB

                                                                      Download

                                                                    • memory/3392-76-0x0000000004D50000-0x0000000004E02000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/3616-1999-0x0000027DE0280000-0x0000027DE035C000-memory.dmp

                                                                      Filesize

                                                                      880KB

                                                                      Download

                                                                    • memory/3616-1961-0x0000027DC7710000-0x0000027DC7728000-memory.dmp

                                                                      Filesize

                                                                      96KB

                                                                      Download

                                                                    • memory/3616-2003-0x0000027DE0360000-0x0000027DE0412000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/3616-1958-0x0000027DC7320000-0x0000027DC733C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/3616-1935-0x0000027DC6E60000-0x0000027DC6EB0000-memory.dmp

                                                                      Filesize

                                                                      320KB

                                                                      Download

                                                                    • memory/3616-1940-0x0000027DDFF90000-0x0000027DDFFDA000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/3616-1963-0x0000027DC7350000-0x0000027DC735C000-memory.dmp

                                                                      Filesize

                                                                      48KB

                                                                      Download

                                                                    • memory/3616-1964-0x0000027DE0030000-0x0000027DE007A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/3712-110-0x0000000004E10000-0x0000000004E76000-memory.dmp

                                                                      Filesize

                                                                      408KB

                                                                      Download

                                                                    • memory/3872-321-0x000001C0C4930000-0x000001C0C4946000-memory.dmp

                                                                      Filesize

                                                                      88KB

                                                                      Download

                                                                    • memory/3872-322-0x000001C0DDB00000-0x000001C0DDBB2000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/3872-323-0x000001C0C4D10000-0x000001C0C4D2C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/3964-1843-0x00000244129C0000-0x00000244129CA000-memory.dmp

                                                                      Filesize

                                                                      40KB

                                                                      Download

                                                                    • memory/3964-1899-0x00000244131F0000-0x000002441320A000-memory.dmp

                                                                      Filesize

                                                                      104KB

                                                                      Download

                                                                    • memory/3964-1997-0x000002442C280000-0x000002442C7A8000-memory.dmp

                                                                      Filesize

                                                                      5.2MB

                                                                      Download

                                                                    • memory/3964-1932-0x000002442BB30000-0x000002442BBE2000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/4208-2578-0x0000000072DF0000-0x00000000731BD000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/4208-1707-0x00000000731C0000-0x00000000732DC000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/4208-3756-0x0000000072DF0000-0x00000000731BD000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/4208-1171-0x0000000072DF0000-0x00000000731BD000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/4208-1172-0x00000000731C0000-0x00000000732DC000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/4208-2577-0x00000000731C0000-0x00000000732DC000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/4208-3755-0x00000000731C0000-0x00000000732DC000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/4208-1484-0x0000000072DF0000-0x00000000731BD000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/4632-1992-0x000001EF788D0000-0x000001EF78936000-memory.dmp

                                                                      Filesize

                                                                      408KB

                                                                      Download

                                                                    • memory/4632-1981-0x000001EF77F30000-0x000001EF77F50000-memory.dmp

                                                                      Filesize

                                                                      128KB

                                                                      Download

                                                                    • memory/4632-1989-0x000001EF78810000-0x000001EF788C2000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/4632-1970-0x000001EF776F0000-0x000001EF77700000-memory.dmp

                                                                      Filesize

                                                                      64KB

                                                                      Download

                                                                    • memory/4632-1993-0x000001EF78750000-0x000001EF78764000-memory.dmp

                                                                      Filesize

                                                                      80KB

                                                                      Download

                                                                    • memory/5224-1966-0x000001EB666D0000-0x000001EB666EC000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/5224-1965-0x000001EB65D80000-0x000001EB65D92000-memory.dmp

                                                                      Filesize

                                                                      72KB

                                                                      Download

                                                                    • memory/5224-1980-0x000001EB66820000-0x000001EB668D2000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/5280-205-0x0000017F33DE0000-0x0000017F33E02000-memory.dmp

                                                                      Filesize

                                                                      136KB

                                                                      Download

                                                                    • memory/5280-200-0x0000017F33F80000-0x0000017F34032000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/5280-243-0x0000017F344C0000-0x0000017F344F8000-memory.dmp

                                                                      Filesize

                                                                      224KB

                                                                      Download

                                                                    • memory/5296-1170-0x0000000072DF0000-0x00000000731BD000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/5296-1320-0x0000000072DF0000-0x00000000731BD000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/5296-1483-0x00000000731C0000-0x00000000732DC000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/5712-1959-0x000001FBA3440000-0x000001FBA3452000-memory.dmp

                                                                      Filesize

                                                                      72KB

                                                                      Download

                                                                    • memory/5712-2000-0x000001FBBC830000-0x000001FBBC8E2000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/5712-1962-0x000001FBA38F0000-0x000001FBA390C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/5712-2001-0x000001FBBC9D0000-0x000001FBBCAAC000-memory.dmp

                                                                      Filesize

                                                                      880KB

                                                                      Download

                                                                    • memory/5712-1960-0x000001FBA3D00000-0x000001FBA3D4A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download