Overview

overview

10

Static

static

10

sztndjprogram.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/04/2025, 09:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sztndjprogram.msi

  • Size

    2.9MB

  • MD5

    e52455d67d3d45211aae128bda4f57e9

  • SHA1

    6d1a56218a110cb0bd5539f946fa0055ac0962ae

  • SHA256

    7261e0c3d40bcaab476d265d98935c23379e2536e459503f27ecda30180db7d9

  • SHA512

    c513dee257778c82cab976c10cb64c0d79e4d1f440b14d931a0996257b04770ca36b1620ad0ae70dae93ed517a0e97e08d65f9235479fa0a34c412bfe252851b

  • SSDEEP

    49152:Z+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:Z+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Downloads MZ/PE file 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 22 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 20 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\sztndjprogram.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2372
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4712
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3100
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 826C11433DCC52A4AF899032288D6750
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:5956
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI9D2A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240623156 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:532
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIA2E8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240624390 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:1440
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIA9CF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240626187 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2712
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSICCBD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240635078 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:4956
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding B41FBC21C29A91052CC391AC293B13F2 E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1720
      • C:\Windows\SysWOW64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1828
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:6064
      • C:\Windows\SysWOW64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:2220
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000S8v2hIAB" /AgentId="a5b3f594-0c61-4e51-9cb1-b9071c8d5b51"
      2⤵
      • Drops file in System32 directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:1988
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 3899112F93522D02F790F1BE0371B076 E Global\MSI0000
      2⤵
      • Blocklisted process makes network request
      • Drops file in System32 directory
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:532
      • C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe
        C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6E7030EB-C5C0-4EAD-8419-CC2C91EE083A}
        3⤵
        • Executes dropped EXE
        PID:4480
      • C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe
        C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{56C8099C-D6A4-474A-BD75-757F2E705830}
        3⤵
        • Executes dropped EXE
        PID:5400
      • C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe
        C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9BF1CCD4-1AAD-446F-B653-68450D92AA51}
        3⤵
        • Executes dropped EXE
        PID:848
      • C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe
        C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9743A86F-CF5A-4700-A5BC-2CA366CB9C7D}
        3⤵
        • Executes dropped EXE
        PID:5944
      • C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe
        C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4A8188B5-E1A0-4D60-BF0F-3D0B0AA970C6}
        3⤵
        • Executes dropped EXE
        PID:2576
      • C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe
        C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{057E0178-07F7-4274-902A-1A2E1DE334F0}
        3⤵
        • Executes dropped EXE
        PID:896
      • C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe
        C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B18A74E3-34BD-43BD-9824-B39CD1BED007}
        3⤵
        • Executes dropped EXE
        PID:5936
      • C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe
        C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7EEBF9F8-5D17-470C-9C73-DB6CE001FC27}
        3⤵
        • Executes dropped EXE
        PID:116
      • C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe
        C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FAA57027-9B30-4BD8-A377-ED0CBB83EF23}
        3⤵
        • Executes dropped EXE
        PID:1396
      • C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe
        C:\Windows\TEMP\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isC20.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{71CE0DBC-22BE-4648-8825-797429F4F7FA}
        3⤵
        • Executes dropped EXE
        PID:224
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5044
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRServer.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:2624
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4040
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRApp.exe /T
          4⤵
          • Kills process with taskkill
          PID:3776
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1048
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAppPB.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4052
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1528
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeature.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4580
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5544
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeatMini.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5404
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
        3⤵
          PID:448
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRManager.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4756
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4336
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAgent.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4516
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2716
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRChat.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4348
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:5820
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAudioChat.exe /T
            4⤵
            • Kills process with taskkill
            PID:5516
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:5400
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRVirtualDisplay.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3524
        • C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe
          C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7C37DA00-3501-4C20-9C55-D35C4993DDBA}
          3⤵
          • Executes dropped EXE
          PID:6052
        • C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe
          C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5D8BB15A-052E-45C0-B2A5-E7C2512F54A1}
          3⤵
          • Executes dropped EXE
          PID:1220
        • C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe
          C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{190224CE-2980-4655-8D1A-E357CD743E98}
          3⤵
          • Executes dropped EXE
          PID:3804
        • C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe
          C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{21B031D0-4FAE-441C-B33A-6AA1C2894B33}
          3⤵
          • Executes dropped EXE
          PID:5196
        • C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe
          C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{70E9D139-B4B4-4D14-9EB3-D96A6452DEDA}
          3⤵
          • Executes dropped EXE
          PID:4836
        • C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe
          C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{911DDF8E-959B-4601-BBA0-BB13D746C885}
          3⤵
          • Executes dropped EXE
          PID:5852
        • C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe
          C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E8B84B14-0E85-43EA-B110-989D93D5246D}
          3⤵
          • Executes dropped EXE
          PID:2020
        • C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe
          C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{75933E9E-6D8F-4DA5-9E4F-78F94E0BCDCB}
          3⤵
          • Executes dropped EXE
          PID:1928
        • C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe
          C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{128FBCFE-4A68-4D93-A716-6F68D3821E34}
          3⤵
          • Executes dropped EXE
          PID:3336
        • C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe
          C:\Windows\TEMP\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2B4E4094-8CBC-4783-A1BF-CFDFAF60D76C}
          3⤵
          • Executes dropped EXE
          PID:5376
        • C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe
          C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D6466714-8061-45D5-9B9E-06B2E8BD5748}
          3⤵
          • Executes dropped EXE
          PID:1776
        • C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe
          C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B4B76AA6-5393-4235-8B4D-EEAC4C462B65}
          3⤵
          • Executes dropped EXE
          PID:3244
        • C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe
          C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DD669559-F87D-4B57-8B4B-94F98ED19A65}
          3⤵
          • Executes dropped EXE
          PID:3324
        • C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe
          C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D1656C3E-6753-411D-A8BA-7131042D62B8}
          3⤵
          • Executes dropped EXE
          PID:5932
        • C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe
          C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{84D234E9-E8C7-4EC0-BF4C-C4C8A77352E5}
          3⤵
          • Executes dropped EXE
          PID:2072
        • C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe
          C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{27FF2334-145B-474E-A04D-56B7358A8C9D}
          3⤵
          • Executes dropped EXE
          PID:5260
        • C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe
          C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D130AEBF-D255-4E29-BC27-28C26B1B6FA7}
          3⤵
          • Executes dropped EXE
          PID:5368
        • C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe
          C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{80122797-ADF7-464C-B13D-EC64D5613DBB}
          3⤵
          • Executes dropped EXE
          PID:5988
        • C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe
          C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{217C6E48-17DE-420E-881A-6A69354BB3C0}
          3⤵
          • Executes dropped EXE
          PID:5360
        • C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe
          C:\Windows\TEMP\{27A74608-E5E0-4E63-BAE6-6E03CBEBEA8B}\_is30E1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{230202E4-AE3D-421F-8348-8D924DDEE5B0}
          3⤵
          • Executes dropped EXE
          PID:1716
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2740
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1600
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          PID:1712
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:5652
            • C:\Windows\system32\cmd.exe
              "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
              4⤵
                PID:3576
            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
              3⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:4316
            • C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe
              C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F1267551-CE90-4631-8A6D-12DF3C9E2B25}
              3⤵
              • Executes dropped EXE
              PID:5092
            • C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe
              C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B91E489E-2314-4FC9-BE0C-F3A802CF9E48}
              3⤵
              • Executes dropped EXE
              PID:5100
            • C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe
              C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F1E0FF48-8326-4BB8-9D3B-323D6658760E}
              3⤵
              • Executes dropped EXE
              PID:5608
            • C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe
              C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D19A5CCC-8A8E-4A61-9AC9-73C701734105}
              3⤵
              • Executes dropped EXE
              PID:5708
            • C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe
              C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AEC7C27F-EA6A-415F-A28F-15663C29A8E1}
              3⤵
              • Executes dropped EXE
              PID:5924
            • C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe
              C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A0C89731-A96F-400D-9EC1-6D68DB0BC75A}
              3⤵
              • Executes dropped EXE
              PID:5644
            • C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe
              C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{07F684E4-30EC-47D4-BFBA-12BC197BFCE7}
              3⤵
              • Executes dropped EXE
              PID:2432
            • C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe
              C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F4A4D79B-4016-4722-ACAC-9C41917C55B4}
              3⤵
              • Executes dropped EXE
              PID:1776
            • C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe
              C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A3BD4A0C-352D-474E-B3B6-E1CEADFFA5E2}
              3⤵
              • Executes dropped EXE
              PID:3244
            • C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe
              C:\Windows\TEMP\{AF01DB0F-DF93-4402-8CF8-9AEBAA444F66}\_is4594.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FAED4D6A-81D0-487C-8544-E532A45B2CF6}
              3⤵
              • Executes dropped EXE
              PID:3324
            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
              3⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              PID:2132
            • C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe
              C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B36B83B-0E81-48DC-AAC0-5B2AED94247F}
              3⤵
              • Executes dropped EXE
              PID:4596
            • C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe
              C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4D2FFBBB-65FE-4598-AEE7-6F89EA6AE888}
              3⤵
              • Executes dropped EXE
              PID:1716
            • C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe
              C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9789DD09-C5E8-4F6C-8905-EA94CE442C6B}
              3⤵
              • Executes dropped EXE
              PID:5636
            • C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe
              C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E8AA609F-5260-43E2-B830-FD837DC43DC3}
              3⤵
              • Executes dropped EXE
              PID:1812
            • C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe
              C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A92E505A-A6B7-4637-94F9-E58AA6689792}
              3⤵
              • Executes dropped EXE
              PID:2896
            • C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe
              C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CEF63E63-E2A9-41E6-8DEA-EC10926F329C}
              3⤵
              • Executes dropped EXE
              PID:1536
            • C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe
              C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{638DF765-2612-4981-9B56-90582114083C}
              3⤵
                PID:6120
              • C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe
                C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E86731AE-3FFD-45B8-BFE4-362BA730D32A}
                3⤵
                  PID:2440
                • C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe
                  C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CB279B71-C0C0-47F1-B469-21CF28B50860}
                  3⤵
                    PID:5112
                  • C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe
                    C:\Windows\TEMP\{4062AAD1-E82D-47C7-ABFC-47E817B08A65}\_is4806.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{68664635-E8E4-43A0-A54A-0B6C5B4F4760}
                    3⤵
                      PID:5392
                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                      3⤵
                      • System Location Discovery: System Language Discovery
                      PID:4588
                  • C:\Windows\syswow64\MsiExec.exe
                    C:\Windows\syswow64\MsiExec.exe -Embedding 57B6A7B9844BEC6AA5C6C499F90FC6D2 E Global\MSI0000
                    2⤵
                    • System Location Discovery: System Language Discovery
                    PID:5964
                  • C:\Windows\syswow64\MsiExec.exe
                    C:\Windows\syswow64\MsiExec.exe -Embedding 6BA4E7D3DFF2C6F882EB21C54FF79FEF E Global\MSI0000
                    2⤵
                    • System Location Discovery: System Language Discovery
                    PID:5880
                  • C:\Windows\syswow64\MsiExec.exe
                    C:\Windows\syswow64\MsiExec.exe -Embedding F93DEAC1BB86C9F82667C3DBCFE6DE21 E Global\MSI0000
                    2⤵
                    • System Location Discovery: System Language Discovery
                    PID:1316
                  • C:\Windows\syswow64\MsiExec.exe
                    C:\Windows\syswow64\MsiExec.exe -Embedding 9B029AE4438D2C50FE3E1A67150589A8 E Global\MSI0000
                    2⤵
                    • System Location Discovery: System Language Discovery
                    PID:4976
                    • C:\Windows\SysWOW64\rundll32.exe
                      rundll32.exe "C:\Windows\Installer\MSICDC9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240700906 484 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                      3⤵
                      • Drops file in System32 directory
                      • Drops file in Windows directory
                      PID:4444
                    • C:\Windows\SysWOW64\rundll32.exe
                      rundll32.exe "C:\Windows\Installer\MSICEA5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240701062 488 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                      3⤵
                      • Blocklisted process makes network request
                      • Drops file in Windows directory
                      • System Location Discovery: System Language Discovery
                      PID:3108
                    • C:\Windows\SysWOW64\rundll32.exe
                      rundll32.exe "C:\Windows\Installer\MSID194.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240701812 493 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                      3⤵
                      • Drops file in Windows directory
                      • System Location Discovery: System Language Discovery
                      PID:736
                    • C:\Windows\SysWOW64\NET.exe
                      "NET" STOP AteraAgent
                      3⤵
                      • System Location Discovery: System Language Discovery
                      PID:3964
                      • C:\Windows\SysWOW64\net1.exe
                        C:\Windows\system32\net1 STOP AteraAgent
                        4⤵
                        • System Location Discovery: System Language Discovery
                        PID:6004
                    • C:\Windows\SysWOW64\TaskKill.exe
                      "TaskKill.exe" /f /im AteraAgent.exe
                      3⤵
                      • System Location Discovery: System Language Discovery
                      • Kills process with taskkill
                      PID:4024
                    • C:\Windows\syswow64\NET.exe
                      "NET" STOP AteraAgent
                      3⤵
                      • System Location Discovery: System Language Discovery
                      PID:4364
                      • C:\Windows\SysWOW64\net1.exe
                        C:\Windows\system32\net1 STOP AteraAgent
                        4⤵
                        • System Location Discovery: System Language Discovery
                        PID:4908
                    • C:\Windows\syswow64\TaskKill.exe
                      "TaskKill.exe" /f /im AteraAgent.exe
                      3⤵
                      • Kills process with taskkill
                      PID:3852
                    • C:\Windows\SysWOW64\rundll32.exe
                      rundll32.exe "C:\Windows\Installer\MSIF1A8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240710031 531 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                      3⤵
                      • Blocklisted process makes network request
                      • Drops file in Windows directory
                      • System Location Discovery: System Language Discovery
                      PID:5644
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                    2⤵
                    • Drops file in System32 directory
                    PID:2564
                  • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="6054fd56-f7bc-4eb5-8896-91299c42953c"
                    2⤵
                    • Modifies data under HKEY_USERS
                    PID:2312
                • C:\Windows\system32\vssvc.exe
                  C:\Windows\system32\vssvc.exe
                  1⤵
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4696
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                  1⤵
                  • Drops file in System32 directory
                  • Drops file in Program Files directory
                  • Executes dropped EXE
                  • Modifies data under HKEY_USERS
                  • Modifies system certificate store
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of WriteProcessMemory
                  PID:4396
                  • C:\Windows\System32\sc.exe
                    "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                    2⤵
                    • Launches sc.exe
                    PID:5984
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "934686af-2ed8-41e5-81bf-8dd85bf05fdc" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000S8v2hIAB
                    2⤵
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    PID:752
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "facee340-427c-4580-bae7-64b8c1f64d07" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000S8v2hIAB
                    2⤵
                    • Drops file in System32 directory
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    PID:5352
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "741032fa-9d0c-43fb-9d49-f7fe14c1fcdb" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000S8v2hIAB
                    2⤵
                    • Executes dropped EXE
                    PID:2040
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "4da1b148-465c-4396-bed7-0c27761ac5e8" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000S8v2hIAB
                    2⤵
                    • Drops file in Program Files directory
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:5608
                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                      3⤵
                      • Drops file in System32 directory
                      • Command and Scripting Interpreter: PowerShell
                      • Modifies data under HKEY_USERS
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4036
                    • C:\Windows\System32\cmd.exe
                      "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      3⤵
                      • Suspicious use of WriteProcessMemory
                      PID:2980
                      • C:\Windows\system32\cscript.exe
                        cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                        4⤵
                        • Modifies data under HKEY_USERS
                        PID:4312
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "dc31d70a-e267-4465-9541-e34212fce1c0" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOjMsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000S8v2hIAB
                    2⤵
                    • Downloads MZ/PE file
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:6100
                    • C:\Windows\TEMP\SplashtopStreamer.exe
                      "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                      3⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of SetWindowsHookEx
                      • Suspicious use of WriteProcessMemory
                      PID:540
                      • C:\Windows\Temp\unpack\PreVerCheck.exe
                        "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                        4⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        • Suspicious use of WriteProcessMemory
                        PID:3456
                        • C:\Windows\SysWOW64\msiexec.exe
                          msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                          5⤵
                          • System Location Discovery: System Language Discovery
                          PID:3736
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "a231449f-409d-44c2-96ee-5d8056b4ce03" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000S8v2hIAB
                    2⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:4700
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "376eeeb5-1f87-48f7-87bc-301a4dc66cb2" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000S8v2hIAB
                    2⤵
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    PID:5780
                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                      3⤵
                      • Command and Scripting Interpreter: PowerShell
                      • Modifies data under HKEY_USERS
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3532
                    • C:\Windows\System32\cmd.exe
                      "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      3⤵
                        PID:5984
                        • C:\Windows\system32\cscript.exe
                          cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                          4⤵
                          • Modifies data under HKEY_USERS
                          PID:5004
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                    1⤵
                    • Drops file in Program Files directory
                    • Executes dropped EXE
                    • Modifies data under HKEY_USERS
                    • Suspicious use of WriteProcessMemory
                    PID:5736
                    • C:\Windows\System32\sc.exe
                      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                      2⤵
                      • Launches sc.exe
                      PID:5644
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "376eeeb5-1f87-48f7-87bc-301a4dc66cb2" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000S8v2hIAB
                      2⤵
                      • Executes dropped EXE
                      • Suspicious behavior: EnumeratesProcesses
                      PID:5312
                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                        3⤵
                        • Drops file in System32 directory
                        • Command and Scripting Interpreter: PowerShell
                        • Modifies data under HKEY_USERS
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4344
                      • C:\Windows\System32\cmd.exe
                        "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                        3⤵
                          PID:4672
                          • C:\Windows\system32\cscript.exe
                            cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                            4⤵
                            • Modifies data under HKEY_USERS
                            PID:5332
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "826515d5-f8f3-4b85-a811-5fa969763c61" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000S8v2hIAB
                        2⤵
                          PID:2424
                          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                            3⤵
                            • Drops file in System32 directory
                            • Command and Scripting Interpreter: PowerShell
                            • Modifies data under HKEY_USERS
                            PID:5112
                          • C:\Windows\System32\cmd.exe
                            "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                            3⤵
                              PID:2332
                              • C:\Windows\system32\cscript.exe
                                cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                4⤵
                                • Modifies data under HKEY_USERS
                                PID:2000
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "ef510731-8dda-4e0a-a552-1f3a8f4005ca" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000S8v2hIAB
                            2⤵
                            • Modifies data under HKEY_USERS
                            PID:808
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=05aca0002dce148a91978fd1350c4044&rmm_session_pwd_ttl=86400"
                              3⤵
                              • System Location Discovery: System Language Discovery
                              PID:2648
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "ca5fb88b-5af6-4859-9836-6bb0549839c6" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000S8v2hIAB
                            2⤵
                              PID:6048
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "4603e5f4-d00e-4110-95ae-a5813e37748b" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000S8v2hIAB
                              2⤵
                              • Drops file in Program Files directory
                              PID:5740
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "96cf7bdd-9ee8-4d7b-83ac-5006683f3976" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000S8v2hIAB
                              2⤵
                              • Drops file in System32 directory
                              PID:4756
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "85a1dfe9-1dd0-43e2-a814-10874032c9be" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000S8v2hIAB
                              2⤵
                              • Drops file in System32 directory
                              PID:5944
                              • C:\Windows\System32\Conhost.exe
                                \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                3⤵
                                  PID:3324
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "34aacdbd-661d-4c65-b3c0-7d1bc662ab15" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000S8v2hIAB
                                2⤵
                                  PID:5980
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "05bb11c9-d9f4-4eb6-87d7-feb8ee577ba8" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMixcdTAwMjJDYWNoZVR0bEhvdXJzXHUwMDIyOjEyfSJ9" 001Q300000S8v2hIAB
                                  2⤵
                                    PID:4580
                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "8e9622a2-6b26-4e56-bef9-088c1687ea92" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000S8v2hIAB
                                    2⤵
                                      PID:4076
                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "8e096c86-65be-42b4-a5aa-6745659398fe" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000S8v2hIAB
                                      2⤵
                                      • Drops file in System32 directory
                                      PID:2932
                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "b2a1b5ca-056f-49b6-bb38-7954da8a4ed9" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjUubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC41In0=" 001Q300000S8v2hIAB
                                      2⤵
                                      • Drops file in System32 directory
                                      PID:5820
                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "455aac8d-642a-43f2-81f1-9ac5ec6bd00a" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000S8v2hIAB
                                      2⤵
                                      • Writes to the Master Boot Record (MBR)
                                      PID:1224
                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "efa4bfb9-dac7-4b8a-be0a-8cdc9983f6e5" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000S8v2hIAB
                                      2⤵
                                      • Drops file in System32 directory
                                      PID:4860
                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "9bea13b4-db94-4a08-ba90-b1e2a7b944f4" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000S8v2hIAB
                                      2⤵
                                      • Downloads MZ/PE file
                                      • Drops file in System32 directory
                                      PID:5144
                                      • C:\Windows\SYSTEM32\cmd.exe
                                        "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                        3⤵
                                        • System Time Discovery
                                        PID:4104
                                        • C:\Windows\System32\Conhost.exe
                                          \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          4⤵
                                            PID:5924
                                          • C:\Program Files\dotnet\dotnet.exe
                                            dotnet --list-runtimes
                                            4⤵
                                            • System Time Discovery
                                            PID:5572
                                        • C:\Program Files\dotnet\dotnet.exe
                                          "C:\Program Files\dotnet\dotnet" --list-runtimes
                                          3⤵
                                          • System Time Discovery
                                          PID:5272
                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                                          3⤵
                                            PID:1392
                                            • C:\Windows\Temp\{D9855651-4AFA-4498-897C-B8D4653505AA}\.cr\8-0-11.exe
                                              "C:\Windows\Temp\{D9855651-4AFA-4498-897C-B8D4653505AA}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=724 -burn.filehandle.self=720 /repair /quiet /norestart
                                              4⤵
                                              • System Location Discovery: System Language Discovery
                                              • System Time Discovery
                                              PID:3336
                                              • C:\Windows\Temp\{E29ACE1E-615F-44CA-A464-3755F5716188}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                "C:\Windows\Temp\{E29ACE1E-615F-44CA-A464-3755F5716188}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{6499C0C7-16BE-425B-9BAA-D444C754BC1F} {E6D35C7E-4303-4738-82B2-17D0E890E7AF} 3336
                                                5⤵
                                                • Adds Run key to start application
                                                • System Location Discovery: System Language Discovery
                                                • System Time Discovery
                                                • Modifies registry class
                                                PID:2380
                                          • C:\Windows\SYSTEM32\cmd.exe
                                            "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                            3⤵
                                            • System Time Discovery
                                            PID:6120
                                            • C:\Program Files\dotnet\dotnet.exe
                                              dotnet --list-runtimes
                                              4⤵
                                              • System Time Discovery
                                              PID:2252
                                          • C:\Windows\SYSTEM32\cmd.exe
                                            "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                            3⤵
                                            • System Time Discovery
                                            PID:2936
                                            • C:\Program Files\dotnet\dotnet.exe
                                              dotnet --list-runtimes
                                              4⤵
                                              • System Time Discovery
                                              PID:3472
                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "7615f856-e987-4464-b9d4-9e9b635fb683" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000S8v2hIAB
                                          2⤵
                                          • Drops file in Program Files directory
                                          PID:2920
                                          • C:\Windows\SYSTEM32\msiexec.exe
                                            "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                                            3⤵
                                            • Modifies data under HKEY_USERS
                                            PID:5316
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                                        1⤵
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:5032
                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                                          2⤵
                                          • Drops file in System32 directory
                                          • Loads dropped DLL
                                          • System Location Discovery: System Language Discovery
                                          • Modifies data under HKEY_USERS
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:5284
                                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                            -h -t
                                            3⤵
                                            • Loads dropped DLL
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious use of SetWindowsHookEx
                                            PID:5092
                                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                            3⤵
                                            • Loads dropped DLL
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:5100
                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                              4⤵
                                                PID:4596
                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                              3⤵
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of SetWindowsHookEx
                                              PID:4140
                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                              3⤵
                                              • Drops file in Program Files directory
                                              • System Location Discovery: System Language Discovery
                                              PID:3568
                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                SRUtility.exe -r
                                                4⤵
                                                • System Location Discovery: System Language Discovery
                                                PID:4956
                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                              3⤵
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious use of SetWindowsHookEx
                                              PID:1540
                                              • C:\Windows\System32\cmd.exe
                                                "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                                4⤵
                                                  PID:4860
                                                  • C:\Windows\system32\cmd.exe
                                                    C:\Windows\system32\cmd.exe /c ver
                                                    5⤵
                                                      PID:3524
                                                    • C:\Windows\system32\sc.exe
                                                      sc query ddmgr
                                                      5⤵
                                                      • Launches sc.exe
                                                      PID:5884
                                                    • C:\Windows\system32\sc.exe
                                                      sc query lci_proxykmd
                                                      5⤵
                                                      • Launches sc.exe
                                                      PID:5328
                                                    • C:\Windows\system32\rundll32.exe
                                                      rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                                      5⤵
                                                      • Drops file in System32 directory
                                                      • Checks SCSI registry key(s)
                                                      • Modifies data under HKEY_USERS
                                                      PID:2516
                                            • C:\Windows\system32\cmd.exe
                                              C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                              1⤵
                                              • System Time Discovery
                                              PID:1628
                                              • C:\Windows\System32\Conhost.exe
                                                \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                2⤵
                                                  PID:2332
                                                • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                  "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                  2⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • System Time Discovery
                                                  PID:3464
                                                  • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                    "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /quiet /norestart /burn.log.append "C:\Windows\TEMP\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250414092033.log"
                                                    3⤵
                                                    • System Location Discovery: System Language Discovery
                                                    • System Time Discovery
                                                    PID:5400
                                                    • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                      "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /quiet /norestart /burn.log.append "C:\Windows\TEMP\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250414092033.log"
                                                      4⤵
                                                      • Checks computer location settings
                                                      • System Location Discovery: System Language Discovery
                                                      • System Time Discovery
                                                      PID:3560
                                                      • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                        "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{EAED42A0-3A10-4A0E-BFC7-7D60CDF4D510} {CFD61BC1-3A57-4964-BF8F-DEC21846B1A9} 3560
                                                        5⤵
                                                        • Adds Run key to start application
                                                        • System Location Discovery: System Language Discovery
                                                        • System Time Discovery
                                                        PID:5720
                                              • C:\Windows\system32\cmd.exe
                                                C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                1⤵
                                                • System Time Discovery
                                                PID:3544
                                                • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                  "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                  2⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • System Time Discovery
                                                  PID:2848
                                                  • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                    "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe"
                                                    3⤵
                                                    • System Location Discovery: System Language Discovery
                                                    • System Time Discovery
                                                    PID:636
                                                    • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                      "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.filehandle.attached=532 -burn.filehandle.self=540
                                                      4⤵
                                                      • System Location Discovery: System Language Discovery
                                                      • System Time Discovery
                                                      PID:4664
                                              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                1⤵
                                                • Drops file in Program Files directory
                                                • Modifies data under HKEY_USERS
                                                PID:4452
                                                • C:\Windows\System32\sc.exe
                                                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                  2⤵
                                                  • Launches sc.exe
                                                  PID:5792
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "7c828b8f-d94c-4c79-bc41-7aa91fafd362" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMixcdTAwMjJDYWNoZVR0bEhvdXJzXHUwMDIyOjEyfSJ9" 001Q300000S8v2hIAB
                                                  2⤵
                                                    PID:1560
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "1408c0f1-c930-4ac4-840b-d8d8ac603c1e" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000S8v2hIAB
                                                    2⤵
                                                      PID:6016
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "a1b6bca1-aded-4c7e-a9e3-26acd73f672f" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjUubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC41In0=" 001Q300000S8v2hIAB
                                                      2⤵
                                                        PID:1728
                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "552b833c-3656-40ac-8119-e810191fc8c7" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000S8v2hIAB
                                                        2⤵
                                                          PID:3468
                                                          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                            "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                                            3⤵
                                                            • Command and Scripting Interpreter: PowerShell
                                                            • Modifies data under HKEY_USERS
                                                            PID:2260
                                                          • C:\Windows\System32\cmd.exe
                                                            "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                            3⤵
                                                              PID:3676
                                                              • C:\Windows\system32\cscript.exe
                                                                cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                                4⤵
                                                                • Modifies data under HKEY_USERS
                                                                PID:1860
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "804713f8-b369-47d0-b32b-45469bd182cb" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000S8v2hIAB
                                                            2⤵
                                                              PID:5972
                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "6ef483f3-297e-4c7c-ba61-83e6cd54d03a" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000S8v2hIAB
                                                              2⤵
                                                                PID:5332
                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "46e83934-3ac0-449f-b580-8da513708de6" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000S8v2hIAB
                                                                2⤵
                                                                  PID:2520
                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "fc2ab887-039c-4908-8183-60201017e4c8" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000S8v2hIAB
                                                                  2⤵
                                                                    PID:5400
                                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "85217d55-8708-45fb-860d-b55516a72b96" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000S8v2hIAB
                                                                    2⤵
                                                                      PID:5624
                                                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=05aca0002dce148a91978fd1350c4044&rmm_session_pwd_ttl=86400"
                                                                        3⤵
                                                                          PID:4908
                                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "f5708a15-b314-4f26-9cd5-9d7ca9b73821" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000S8v2hIAB
                                                                        2⤵
                                                                        • Writes to the Master Boot Record (MBR)
                                                                        • Modifies data under HKEY_USERS
                                                                        PID:5460
                                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "60fd837f-9a90-4e91-8f11-c6b03d9fe24b" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000S8v2hIAB
                                                                        2⤵
                                                                        • Modifies data under HKEY_USERS
                                                                        PID:4644
                                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "72f01e7f-158d-4590-99eb-220ef06063f2" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000S8v2hIAB
                                                                        2⤵
                                                                          PID:5884
                                                                          • C:\Windows\SYSTEM32\cmd.exe
                                                                            "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                                            3⤵
                                                                            • System Time Discovery
                                                                            PID:4892
                                                                            • C:\Program Files\dotnet\dotnet.exe
                                                                              dotnet --list-runtimes
                                                                              4⤵
                                                                              • System Time Discovery
                                                                              PID:5620
                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "71cd8769-1eb1-4aa8-b4d5-4a60b4e004d3" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000S8v2hIAB
                                                                          2⤵
                                                                            PID:3284
                                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" a5b3f594-0c61-4e51-9cb1-b9071c8d5b51 "25d6932e-7fd7-49ca-935d-d9dd0ca6e7f3" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000S8v2hIAB
                                                                            2⤵
                                                                            • Modifies data under HKEY_USERS
                                                                            • Modifies registry class
                                                                            PID:2384
                                                                        • C:\Windows\system32\svchost.exe
                                                                          C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                                          1⤵
                                                                          • Checks SCSI registry key(s)
                                                                          PID:2876
                                                                          • C:\Windows\system32\DrvInst.exe
                                                                            DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                                                            2⤵
                                                                            • Drops file in System32 directory
                                                                            • Drops file in Windows directory
                                                                            • Checks SCSI registry key(s)
                                                                            • Modifies data under HKEY_USERS
                                                                            PID:3284
                                                                          • C:\Windows\system32\DrvInst.exe
                                                                            DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "0000000000000170" "WinSta0\Default" "0000000000000174" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                                                            2⤵
                                                                            • Drops file in System32 directory
                                                                            • Checks SCSI registry key(s)
                                                                            • Modifies data under HKEY_USERS
                                                                            PID:3468
                                                                          • C:\Windows\system32\DrvInst.exe
                                                                            DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "0000000000000170"
                                                                            2⤵
                                                                            • Drops file in Drivers directory
                                                                            • Drops file in System32 directory
                                                                            • Checks SCSI registry key(s)
                                                                            PID:4444
                                                                          • C:\Windows\system32\DrvInst.exe
                                                                            DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                                                            2⤵
                                                                            • Drops file in Drivers directory
                                                                            • Checks SCSI registry key(s)
                                                                            PID:6104

                                                                        Network

                                                                        MITRE ATT&CK Enterprise v16

                                                                        Reconnaissance

                                                                        Resource Development

                                                                        Initial Access

                                                                        Execution

                                                                        Command and Scripting Interpreter

                                                                        1
                                                                        T1059

                                                                        PowerShell

                                                                        1
                                                                        T1059.001

                                                                        Persistence

                                                                        Boot or Logon Autostart Execution

                                                                        1
                                                                        T1547

                                                                        Registry Run Keys / Startup Folder

                                                                        1
                                                                        T1547.001

                                                                        Event Triggered Execution

                                                                        2
                                                                        T1546

                                                                        Component Object Model Hijacking

                                                                        1
                                                                        T1546.015

                                                                        Installer Packages

                                                                        1
                                                                        T1546.016

                                                                        Pre-OS Boot

                                                                        1
                                                                        T1542

                                                                        Bootkit

                                                                        1
                                                                        T1542.003

                                                                        Privilege Escalation

                                                                        Boot or Logon Autostart Execution

                                                                        1
                                                                        T1547

                                                                        Registry Run Keys / Startup Folder

                                                                        1
                                                                        T1547.001

                                                                        Event Triggered Execution

                                                                        2
                                                                        T1546

                                                                        Component Object Model Hijacking

                                                                        1
                                                                        T1546.015

                                                                        Installer Packages

                                                                        1
                                                                        T1546.016

                                                                        Defense Evasion

                                                                        Modify Registry

                                                                        2
                                                                        T1112

                                                                        Pre-OS Boot

                                                                        1
                                                                        T1542

                                                                        Bootkit

                                                                        1
                                                                        T1542.003

                                                                        Subvert Trust Controls

                                                                        1
                                                                        T1553

                                                                        Install Root Certificate

                                                                        1
                                                                        T1553.004

                                                                        System Binary Proxy Execution

                                                                        1
                                                                        T1218

                                                                        Msiexec

                                                                        1
                                                                        T1218.007

                                                                        Credential Access

                                                                        Discovery

                                                                        Peripheral Device Discovery

                                                                        2
                                                                        T1120

                                                                        Query Registry

                                                                        5
                                                                        T1012

                                                                        System Information Discovery

                                                                        4
                                                                        T1082

                                                                        System Location Discovery

                                                                        1
                                                                        T1614

                                                                        System Language Discovery

                                                                        1
                                                                        T1614.001

                                                                        System Time Discovery

                                                                        1
                                                                        T1124

                                                                        Lateral Movement

                                                                        Collection

                                                                        Command and Control

                                                                        Exfiltration

                                                                        Impact

                                                                        Replay Monitor

                                                                        Loading Replay Monitor...

                                                                        Downloads

                                                                        • C:\Config.Msi\e579c8f.rbs
                                                                          Filesize

                                                                          8KB

                                                                          MD5

                                                                          8583e2f2cc6a2119c26b8d25f4b9cfd7

                                                                          SHA1

                                                                          d3c5da233b3b1297c6da94742353a34e99c20833

                                                                          SHA256

                                                                          62cc2c48c03ded48e7cc87a941b15e99e55d097700924db0228f4d63c812fad9

                                                                          SHA512

                                                                          040ef95cc70cb4c1dd20e297b892124ee92e4aa3fc34dba106b9ad327c0dabb1a1d92fed76aa61fd01c5ac666c7aca5c5cbdd0718c2d1358be7f143abfb024b4

                                                                          Download Submit

                                                                        • C:\Config.Msi\e579c94.rbs
                                                                          Filesize

                                                                          74KB

                                                                          MD5

                                                                          8e7d5111eabefdfbfcec4378802ce19c

                                                                          SHA1

                                                                          f3230b2e4c401b81018e858fb316c803c5a2cebe

                                                                          SHA256

                                                                          9b2c3a4836839f44bd3e6a72e712d4a3705f8656583eed8192250655b178ba9c

                                                                          SHA512

                                                                          624cea204307841f6a58f22f643afcbd9a58e3e0a648bb80f12d91b7e139c3568b5c054289508a1a1235131aed975648e131552c4509f1eabf7389fa69af81a0

                                                                          Download Submit

                                                                        • C:\Config.Msi\e579c96.rbs
                                                                          Filesize

                                                                          464B

                                                                          MD5

                                                                          6f62b6ee9c1ce2f80f6b0f87357ad10e

                                                                          SHA1

                                                                          a654acde355f1f97cdb653ec34b987e8c2c5c421

                                                                          SHA256

                                                                          ddf22b0c780dfbe643211297f4c87073a4343edca97fb40a1512590ecdb4c7e5

                                                                          SHA512

                                                                          9e8334e94d36eaf9bb8e7249c679644ebc8c6330f149a0bc80fb474acc8cdce788566f7177ce9b8d3b9e8258f74da27255e0e6d37a5e2ad78e12abebb7b3559f

                                                                          Download Submit

                                                                        • C:\Config.Msi\e579c9a.rbs
                                                                          Filesize

                                                                          48KB

                                                                          MD5

                                                                          0d7561196b125bda0b6c7b3b19464204

                                                                          SHA1

                                                                          b7c25677115f31cf5c0c8ba3448407670172df68

                                                                          SHA256

                                                                          24861921bb8145ad053e9c59a31776be5d8d24662d311aa3f373e9783fce3893

                                                                          SHA512

                                                                          d4e8859509dbfe67fa1f9caaae20510a893a41ec0005621ca5538d9f32bada6ccac32b7daaa870bfdf3accd9a5c53ab79b5e43e61e399bef196651dc6925a250

                                                                          Download Submit

                                                                        • C:\Config.Msi\e579c9f.rbs
                                                                          Filesize

                                                                          9KB

                                                                          MD5

                                                                          7595d349f43d27aa96252e3adb6b7021

                                                                          SHA1

                                                                          fa8e8d2136d07993adfa46d62d8eda32c852862a

                                                                          SHA256

                                                                          7502a5d848ee142008223f5beb4145fe4def56bafb21754505524f8a5dba8b70

                                                                          SHA512

                                                                          423378d718ef36ae4548757aa31c0cd1b6dac9e42888368c3a3d3a8f58b37e8df9940cacf84aaa2036b814ab3c28eca4365c18d9e2b635b5a55bb3175c432543

                                                                          Download Submit

                                                                        • C:\Config.Msi\e579ca4.rbs
                                                                          Filesize

                                                                          11KB

                                                                          MD5

                                                                          6c13913d88bea44996e97616924d6051

                                                                          SHA1

                                                                          571dc55a8f38a8a0e3f2b19ca8f2860ffc5497df

                                                                          SHA256

                                                                          8148e3366d3aa4d8ccdeeda5925fec6a63b09d92ad74b4dae62485d87143b8c2

                                                                          SHA512

                                                                          3fcece0c09605e71bed0ec95d5f076c57f50c99350c3e0b958e0de97601722485b5dfe7e5baa2bb004a1bdfe29ff554557c7121caa0d5825ed8b460ddf414cb7

                                                                          Download Submit

                                                                        • C:\Config.Msi\e579ca9.rbs
                                                                          Filesize

                                                                          8KB

                                                                          MD5

                                                                          c06dce7d86c83d2496efc122a9c178fb

                                                                          SHA1

                                                                          8c472b75821ba98fa56906602c1a93f278014dbb

                                                                          SHA256

                                                                          412dce16a42fe7e6f2de50fb9d475fd00d2433a7de46aae4cc5d21270f46e443

                                                                          SHA512

                                                                          970bf2ab1a136aac67adef18bbbdbeee4a232ed6e281bd2597faf96d4602c8ec7ac5f1c06c87aca04cf235c32e7937fd5c346ebec39609451933880eca5f60bf

                                                                          Download Submit

                                                                        • C:\Config.Msi\e579caa.rbf
                                                                          Filesize

                                                                          143KB

                                                                          MD5

                                                                          33b4c87f18b4c49114d7a8980241657a

                                                                          SHA1

                                                                          254c67b915e45ad8584434a4af5e06ca730baa3b

                                                                          SHA256

                                                                          587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                                          SHA512

                                                                          42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                                          Download Submit

                                                                        • C:\Config.Msi\e579cab.rbf
                                                                          Filesize

                                                                          3B

                                                                          MD5

                                                                          21438ef4b9ad4fc266b6129a2f60de29

                                                                          SHA1

                                                                          5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                                          SHA256

                                                                          13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                                          SHA512

                                                                          37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                                          Download Submit

                                                                        • C:\Config.Msi\e579cb1.rbs
                                                                          Filesize

                                                                          9KB

                                                                          MD5

                                                                          f00bff772be664b8d00d8c6698aaa6bb

                                                                          SHA1

                                                                          ccb4a8d19480b772497b3169dd1261dc2ba914da

                                                                          SHA256

                                                                          92635830105c94bfda2438b43df635aef577817e97718f6ec6aa36b07f74e48c

                                                                          SHA512

                                                                          008687cdc02a3f9a8bfd5f10e6cab762f4baac509142b12bb41b462dfc3af49b4fa0e74c69ab4d1243b55e388a8d20091fd969dd9b94c05f3820c81eb5ab4716

                                                                          Download Submit

                                                                        • C:\Config.Msi\e579cb9.rbs
                                                                          Filesize

                                                                          8KB

                                                                          MD5

                                                                          1ba0c2fb8abafec0d25d5f96de032bae

                                                                          SHA1

                                                                          c5580de0f27eb6d6c3c465e8c0da240c1245a6ae

                                                                          SHA256

                                                                          0362d323e588ff3eda4e96f87b5ebc1065ee4f4f78212f6d6c9dd2dd08783256

                                                                          SHA512

                                                                          f848ec825c0e54479e631bb1288c9366d53e6166eaffe056c2f86c77a317f66985b53a7d20e032cc80887e95877047ae5831eda9bb59d9ad977ffdad6d3c2bc3

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                          Filesize

                                                                          1KB

                                                                          MD5

                                                                          337079222a6f6c6edf58f3f981ff20ae

                                                                          SHA1

                                                                          1f705fc0faa84c69e1fe936b34783b301323e255

                                                                          SHA256

                                                                          ae56a6c4f6622b5485c46d9fde5d3db468c1bfb573b34c9f199007b5eedcbda5

                                                                          SHA512

                                                                          ae9cd225f7327da6eeea63c661b9e159d6608dff4897fb6b9651a1756d69282e8051b058a2473d9153fc87c0b54aa59b9a1a865871df693adcb267f8b0157b61

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                          Filesize

                                                                          142KB

                                                                          MD5

                                                                          477293f80461713d51a98a24023d45e8

                                                                          SHA1

                                                                          e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                                          SHA256

                                                                          a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                                          SHA512

                                                                          23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                                          Filesize

                                                                          1KB

                                                                          MD5

                                                                          b3bb71f9bb4de4236c26578a8fae2dcd

                                                                          SHA1

                                                                          1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                                          SHA256

                                                                          e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                                          SHA512

                                                                          fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                                          Filesize

                                                                          210KB

                                                                          MD5

                                                                          c106df1b5b43af3b937ace19d92b42f3

                                                                          SHA1

                                                                          7670fc4b6369e3fb705200050618acaa5213637f

                                                                          SHA256

                                                                          2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                                          SHA512

                                                                          616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                                          Filesize

                                                                          693KB

                                                                          MD5

                                                                          2c4d25b7fbd1adfd4471052fa482af72

                                                                          SHA1

                                                                          fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                                          SHA256

                                                                          2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                                          SHA512

                                                                          f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                                          Filesize

                                                                          146KB

                                                                          MD5

                                                                          8d477b63bc5a56ae15314bda8dea7a3a

                                                                          SHA1

                                                                          3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                                          SHA256

                                                                          9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                                          SHA512

                                                                          44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                                                          Filesize

                                                                          145KB

                                                                          MD5

                                                                          32b43563e860a1797f9b5197b2893bec

                                                                          SHA1

                                                                          ef8125963e9382db994629865a929d9317e07b95

                                                                          SHA256

                                                                          a1b45513a6946b0d7b972429feb069ea6bb27670d3c5271db02455f26c451a69

                                                                          SHA512

                                                                          b8e299cac3b948f4af16544b558e9644f3402f9baca4f4a72a7074176b0507b5664fd92b2095e94d687323acec761f1f1899057364103199077e67216c05e6b2

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                          Filesize

                                                                          145KB

                                                                          MD5

                                                                          2b9beb2fdbc41afc48d68d32ef41dd08

                                                                          SHA1

                                                                          4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                                          SHA256

                                                                          977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                                          SHA512

                                                                          3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                                          Filesize

                                                                          51KB

                                                                          MD5

                                                                          3180c705182447f4bcc7ce8e2820b25d

                                                                          SHA1

                                                                          ad6486557819a33d3f29b18d92b43b11707aae6e

                                                                          SHA256

                                                                          5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                                          SHA512

                                                                          228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                                          Filesize

                                                                          12B

                                                                          MD5

                                                                          eca4e75e54ad1f7399e57c18580474ab

                                                                          SHA1

                                                                          28fbde46981fa9643dccc45f556f4b2eee0bba54

                                                                          SHA256

                                                                          8e8a22eb5f91f1f8fdcfa57e849fda18ff69dbdc3e9da179302673780f597331

                                                                          SHA512

                                                                          d9f0ce128adcc236d4f570de6d41c2c002a455f5e73ff3144ef66590e46f5867fc144465ea4050b790b697450c66b4ee595fda4cbbadba2940e6406b99835e48

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                          Filesize

                                                                          248KB

                                                                          MD5

                                                                          51ecaf32a6076ecfa733ffa645634756

                                                                          SHA1

                                                                          a5b7560e810f9482290c15eedec92731ab10bb41

                                                                          SHA256

                                                                          b2b04d4e08c152d0f43764efc14f155e76fa1fba58475188cbd3cdc92e51f457

                                                                          SHA512

                                                                          83222a1b9253364190b2733409190427a01fd05c173a7a04bede45642ddf8619fc10d1067e73fd110a4d83c9da82728ad1e83d35326bb2787d8b46c27fa797a9

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                                          Filesize

                                                                          1021B

                                                                          MD5

                                                                          51a41966b950af62998eee5043f543b0

                                                                          SHA1

                                                                          d4ce80134834a1f10d50a6cac3ca3a3e80ff1dc2

                                                                          SHA256

                                                                          f1461b023e02fac832979ebf9bfa59ee7043885c90fc8ee6f8077f07a1cb7097

                                                                          SHA512

                                                                          9c4ba08451116f92036ce24075a641eb5973b740bb876cb8ec7229dae10308364404f175b8abd1f0d6eefa73b9123fa857bf2c3b39577d767831444f99435936

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                                          Filesize

                                                                          109KB

                                                                          MD5

                                                                          308b8f226c9731513b42fb975a39dfdb

                                                                          SHA1

                                                                          95aad91d1c3e97b3f9af8d955f1ee761f3714a89

                                                                          SHA256

                                                                          fbbd3028ed6e373ffd489f441871b3bb336280d9dbef7adf4bb358c6b195fcda

                                                                          SHA512

                                                                          7abd7675d5f85b2eb6321e9e18c6ee4388898c77e88086bae183d348763a1ee2efda322dfe05a478c29b9cdbada4667455f0e5e70e9bae932268b1cab811278c

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                                          Filesize

                                                                          693KB

                                                                          MD5

                                                                          8e004ca7e38e44a7ff12d0b519a6b1c2

                                                                          SHA1

                                                                          aba81436ea4b88c4f662029e8e105e3fa1dde139

                                                                          SHA256

                                                                          623918f6cb0d86fed4499655308916db984a5ff69afb90975cdb40611cf6e0c0

                                                                          SHA512

                                                                          b7b6621ac35fc89f50167036552bc729140d474c7e776b9757c0cfacd4203f118540d382a571055c1e8ef83ff4f4a988fd850acbce902919e87f3de0c1db4018

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                          Filesize

                                                                          27KB

                                                                          MD5

                                                                          797c9554ec56fd72ebb3f6f6bef67fb5

                                                                          SHA1

                                                                          40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                                          SHA256

                                                                          7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                                          SHA512

                                                                          4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                          Filesize

                                                                          214KB

                                                                          MD5

                                                                          01807774f043028ec29982a62fa75941

                                                                          SHA1

                                                                          afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                                          SHA256

                                                                          9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                                          SHA512

                                                                          33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                          Filesize

                                                                          37KB

                                                                          MD5

                                                                          efb4712c8713cb05eb7fe7d87a83a55a

                                                                          SHA1

                                                                          c94d106bba77aecf88540807da89349b50ea5ae7

                                                                          SHA256

                                                                          30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                                          SHA512

                                                                          3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                                          Filesize

                                                                          3.5MB

                                                                          MD5

                                                                          723a7f489fb1861821fee5f5de0acba0

                                                                          SHA1

                                                                          ad76a8ec8cd52346c575894e08c458e1adf620b7

                                                                          SHA256

                                                                          0b1afe081f2e2aefdcf40cada67e79e287536999e99145748aeeb4f0010730f5

                                                                          SHA512

                                                                          b3ea87dd52d79b73b443154b71ea44da1ce86032bb4646d2a2813218e55113b3c1b854dc638229ecda370fa49863228dea1e86b6d455457095a9de865e25b0e1

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                          Filesize

                                                                          396KB

                                                                          MD5

                                                                          b5929e2ca0e402a373b633bb78d0414a

                                                                          SHA1

                                                                          38146d4f3ddca1b1e854bf638b7722356e5e2195

                                                                          SHA256

                                                                          d7b43a4807e1841b94353656fcfd45b69f7550adf137c56aefb85104883fb821

                                                                          SHA512

                                                                          65e02019656d61238b8fc784496eb6ccf238a5f6eff9b101893641cb45d9c63058cf67abb2bc75007e9e2726458115eb8e9ad9a4cf34a86435ea637dc78c3ea6

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                          Filesize

                                                                          48KB

                                                                          MD5

                                                                          448900064c39b3aef33a6ac6609d9ed4

                                                                          SHA1

                                                                          b83eba36166837b181c6121d1c085c2e04ff05ed

                                                                          SHA256

                                                                          570d236e497352cbea84940b91d0dc048170f557faa74d4486a2bead4518f3ad

                                                                          SHA512

                                                                          9285013f09d1d5200ef5372d432720e149d348b1e12b65c5ed402f5bb8b3f629f79940300f9124de4b08c53f6dab869255a35981c022bc7e31d75ad7ebdf2345

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                          Filesize

                                                                          303KB

                                                                          MD5

                                                                          3599654fec6a32f214fcd3169886703b

                                                                          SHA1

                                                                          523dece93e47234d1a1d4030e0f2504c3d16158b

                                                                          SHA256

                                                                          06cabbb9f17822cfa44ac78e33ef2d6381b12cb013e7a462586450ea7c6f26ee

                                                                          SHA512

                                                                          88de39813a91bbcc50ab7c0602585a943a6dbdca2c5418bf758c3f21791c0c1307c9dffda5b508d00dbb4cf76090fd5166311d26ada798f40a60cf3f3cf31fa8

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                          Filesize

                                                                          53KB

                                                                          MD5

                                                                          8c105c1fdaac154d727df0ed34bca083

                                                                          SHA1

                                                                          3525fc304f7464876ec0bac3305d604e8a2340c9

                                                                          SHA256

                                                                          dd4b31b650621c6ee76bc65ef7d4a56901fc4d6629816e64c3fbe2539ea6d4e2

                                                                          SHA512

                                                                          47793671c67625a5595c09f87bcb592e403f9103a410a62d1e8d37b5d38ced47fb8efecb9fb7d55e5b41834923907af91aa8fbe884aecd73a888cfa7170fc9f4

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                                          Filesize

                                                                          333KB

                                                                          MD5

                                                                          745714d838c4d4f88c6e0db6a434f444

                                                                          SHA1

                                                                          90689ce709bf2464b678c7afa7b1e18f080d52bb

                                                                          SHA256

                                                                          e35302995dad1d5e4b7147d8763f7262500271cf01eac8edfa896b392ac7139f

                                                                          SHA512

                                                                          08cbfac0b604530108978c757ad8481c69ed62deac5520777bacee9751f3f260d2c3158609fd723819d8d6626c46b302fe7da7005efc09ab571871ac9d58a0ed

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                          Filesize

                                                                          70KB

                                                                          MD5

                                                                          e9b3a59f67febdd7f8fbe68d71c5d0ab

                                                                          SHA1

                                                                          22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                                                          SHA256

                                                                          bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                                                          SHA512

                                                                          00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                          Filesize

                                                                          50KB

                                                                          MD5

                                                                          5bb0687e2384644ea48f688d7e75377b

                                                                          SHA1

                                                                          44e4651a52517570894cfec764ec790263b88c4a

                                                                          SHA256

                                                                          963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                                          SHA512

                                                                          260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                          Filesize

                                                                          32KB

                                                                          MD5

                                                                          0308f32676d9211746048594a5bcb7c3

                                                                          SHA1

                                                                          5caf000789ba28a18de93a6ce536a352414fd871

                                                                          SHA256

                                                                          0c64ec6ff34865a8d2fc0e267ead43c8f70a6dc36ab476af6748797995f4bc43

                                                                          SHA512

                                                                          980248cf713fd9721f2a41aed19a227ad76c2bcbac928df70129b4e4441c62a00b5df5cda0a583cffd365424ea6a7625ded6132f89ed70aa61c851b90b2487d2

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                          Filesize

                                                                          60KB

                                                                          MD5

                                                                          99c72ae773f0e16818bc628e6c30272a

                                                                          SHA1

                                                                          901b18faa2eeb35946746bcf80a3ed7a67f6daab

                                                                          SHA256

                                                                          9159d0f626aebaca406d0ff9abfe19d6153f3d6eefbc1f831a48c17f4aea7a81

                                                                          SHA512

                                                                          f05b5884ab3f8b2c0960c2ccbb982555948d293fd37bd29df1157d40c138f1eed6fc94ac5a7d7a4fd098755e9d242d4da992d073ddffcc8f0c543e538b322633

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                                          Filesize

                                                                          588KB

                                                                          MD5

                                                                          17d74c03b6bcbcd88b46fcc58fc79a0d

                                                                          SHA1

                                                                          bc0316e11c119806907c058d62513eb8ce32288c

                                                                          SHA256

                                                                          13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                                          SHA512

                                                                          f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog
                                                                          Filesize

                                                                          753B

                                                                          MD5

                                                                          8298451e4dee214334dd2e22b8996bdc

                                                                          SHA1

                                                                          bc429029cc6b42c59c417773ea5df8ae54dbb971

                                                                          SHA256

                                                                          6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

                                                                          SHA512

                                                                          cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                                          Filesize

                                                                          219B

                                                                          MD5

                                                                          7d5d46e06d148a712ac5390ce9bb85d9

                                                                          SHA1

                                                                          d8312f193378ee49f0e5ae5d1696f1f90a42ff37

                                                                          SHA256

                                                                          c4f3e722d37cf585544cc95266d3c4019e8f6fa748fe110a577233a97a969779

                                                                          SHA512

                                                                          fbf6660f30ac36c0a3fd056bd6cccee61a64d6f7f57af8ceca0cd5c1d21b8317cc69c836360dcfc50d5ac712b5be33e4b71e9266016bb8f3aea0bc14495aee1b

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                                          Filesize

                                                                          9KB

                                                                          MD5

                                                                          1ef7574bc4d8b6034935d99ad884f15b

                                                                          SHA1

                                                                          110709ab33f893737f4b0567f9495ac60c37667c

                                                                          SHA256

                                                                          0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                                          SHA512

                                                                          947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                                          Filesize

                                                                          10KB

                                                                          MD5

                                                                          f512536173e386121b3ebd22aac41a4e

                                                                          SHA1

                                                                          74ae133215345beaebb7a95f969f34a40dda922a

                                                                          SHA256

                                                                          a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                                          SHA512

                                                                          1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                                          Filesize

                                                                          76KB

                                                                          MD5

                                                                          b40fe65431b18a52e6452279b88954af

                                                                          SHA1

                                                                          c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                                          SHA256

                                                                          800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                                          SHA512

                                                                          e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                                          Filesize

                                                                          80KB

                                                                          MD5

                                                                          3904d0698962e09da946046020cbcb17

                                                                          SHA1

                                                                          edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                                          SHA256

                                                                          a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                                          SHA512

                                                                          c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                                          Download Submit

                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                                          Filesize

                                                                          96KB

                                                                          MD5

                                                                          992dedc529e7c72f32901b82a43bc5d1

                                                                          SHA1

                                                                          7e8850b7cd8e870c3e5394bda98b2c48b3a8a012

                                                                          SHA256

                                                                          742c68571fadbaa5ec673bfe70d0ab0b29ee7da3be6ce36180fe996023df8319

                                                                          SHA512

                                                                          bb7adff268bfbf5a12666d695506b02e7b44a5fdbbbf14845a3828c33cb4eea03d5244134b0145c4cbfd47a7f4b09d4c68fa8b248b34239b88d8e4fe9319d4c3

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                          Filesize

                                                                          287B

                                                                          MD5

                                                                          fcad4da5d24f95ebf38031673ddbcdb8

                                                                          SHA1

                                                                          3f68c81b47e6b4aebd08100c97de739c98f57deb

                                                                          SHA256

                                                                          7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                                                                          SHA512

                                                                          1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                                          Filesize

                                                                          7KB

                                                                          MD5

                                                                          362ce475f5d1e84641bad999c16727a0

                                                                          SHA1

                                                                          6b613c73acb58d259c6379bd820cca6f785cc812

                                                                          SHA256

                                                                          1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                                          SHA512

                                                                          7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          40df7f2a02cdfa70ae76d70d21473428

                                                                          SHA1

                                                                          4baddbc082fdb197c77bc1c232be2881a82a7ec8

                                                                          SHA256

                                                                          f037309cf6b0174ba282106da31c141e3912486c69c438a53afe7ff589743dc2

                                                                          SHA512

                                                                          2522483e9d1b9fc20f14ffab3dcb2a9e5735a260e08e7196a05319076ad9b4d7a9fe94b28c52559022f003d2fe55ec5e4abcecb1b11f4000e804dae5b1c0126f

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software.zip
                                                                          Filesize

                                                                          1.6MB

                                                                          MD5

                                                                          0e716ebf03f2937d544ecd16508a2606

                                                                          SHA1

                                                                          13ea3144117ed76c3347d9e29cb4398c329c79d4

                                                                          SHA256

                                                                          57603d1a9b47fb699a5ec6747eaad408fff65f35bee665bdccff9d09334bd608

                                                                          SHA512

                                                                          4680687f19fa46d089b5c80c6b83d6822eb70a27ec9586a9d602ac14afda6a918b02adbc3567205378c0fea59715119acb5a32ea16366ebf48382553496ba763

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.runtimeconfig.json
                                                                          Filesize

                                                                          375B

                                                                          MD5

                                                                          e8d9109bd15637b1fbf349f9c7ff776f

                                                                          SHA1

                                                                          19762daa20afc8085ba6417a7215f1fe2d619f60

                                                                          SHA256

                                                                          c4a84cdd787cb31aaa46e8282f7d288f0641fdaa4252ac78979340131c8b9110

                                                                          SHA512

                                                                          5cc792c0cdf32c4c893eebc6651aabed7428d2f467b58d3b58ad21dfce9dd4ee0924257b4699297f6d41069f27829ce8b8a711642f3208981761b48382d68b74

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          5ed9543e9f5826ead203316ef0a8863d

                                                                          SHA1

                                                                          8235c0e7568ec42d6851c198adc76f006883eb4b

                                                                          SHA256

                                                                          33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                                          SHA512

                                                                          5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                                          Filesize

                                                                          1.1MB

                                                                          MD5

                                                                          9a9b1fd85b5f1dcd568a521399a0d057

                                                                          SHA1

                                                                          34ed149b290a3a94260d889ba50cb286f1795fa6

                                                                          SHA256

                                                                          88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                                          SHA512

                                                                          7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                                          Filesize

                                                                          673KB

                                                                          MD5

                                                                          4273b6b6cf5856ffbed8ccbb31328892

                                                                          SHA1

                                                                          cbd8196a984b7da22ec10f4c1b3c835a384a395e

                                                                          SHA256

                                                                          f8853371616211c2eb21b999dbd4907c005183b34f67f06f3b4acfbf75093df6

                                                                          SHA512

                                                                          ae11669a9c28d820a7779713fb071a7c07fdbc2199312ea7ad6d61bc3b37e11be8fca720796d982a5eccc1b273a53fd37b9590e118d6101a71f01f3eada358d5

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                                          Filesize

                                                                          321KB

                                                                          MD5

                                                                          d3901e62166e9c42864fe3062cb4d8d5

                                                                          SHA1

                                                                          c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                                          SHA256

                                                                          dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                                          SHA512

                                                                          ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                                          Filesize

                                                                          814KB

                                                                          MD5

                                                                          9b1f97a41bfb95f148868b49460d9d04

                                                                          SHA1

                                                                          768031d5e877e347a249dfdeab7c725df941324b

                                                                          SHA256

                                                                          09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                                          SHA512

                                                                          9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                                          Filesize

                                                                          1.2MB

                                                                          MD5

                                                                          e74d2a16da1ddb7f9c54f72b8a25897c

                                                                          SHA1

                                                                          32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                                          SHA256

                                                                          a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                                          SHA512

                                                                          52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
                                                                          Filesize

                                                                          12B

                                                                          MD5

                                                                          b2d5d511002960697118598e9233b21d

                                                                          SHA1

                                                                          9f0c9252594d590e47027d9fb6afc34abbd3d6f1

                                                                          SHA256

                                                                          a7a70e5be36672e698230c01904255958bf3e5d81bb5655ffc8dc9221b6134be

                                                                          SHA512

                                                                          d773d1c77c59c51270ec4f1357ae227e81ca599a98798001ad2c587f1b54877501128a9895ebdc47a5d0a0372a2804ecdc9fb9b47f1ea53607c54eb74a4a7dd7

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                          Filesize

                                                                          48KB

                                                                          MD5

                                                                          b4a865268d5aca5f93bab91d7d83c800

                                                                          SHA1

                                                                          95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                                          SHA256

                                                                          5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                                          SHA512

                                                                          c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                          Filesize

                                                                          48KB

                                                                          MD5

                                                                          e03fd53d0693acffb3ebcf097d338b6c

                                                                          SHA1

                                                                          15fd7114c53b95185c649640d55dfdce7ea46094

                                                                          SHA256

                                                                          c09746bc1656f0400419c90041c3ea8a8928cb594f61ca114435293adefd7642

                                                                          SHA512

                                                                          6ab758b05dac9cfa38c999adaf2bde99e1e2f3a84201fcc83c2e78f31eafd6bfe1e6122dd250d47668ed0a67eee708de0528e8e882adf905e888d032c97c57bc

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                          Filesize

                                                                          48KB

                                                                          MD5

                                                                          aedb13eca187227959192b2d3960d2e6

                                                                          SHA1

                                                                          00184465f03feccf4ec467494af1161207856a52

                                                                          SHA256

                                                                          d88fcc5c652288d2e9e85b68c28d94f494e00e06aab32628677982c1b51ab6cf

                                                                          SHA512

                                                                          c75d352cf2d531885c9efce40240fef49285e3cedd752e83b646c6cbef7119a8fcf91c8d04a41dcd77d8ae3c8283daede13663e68d392007fa4391876cd6480f

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                                          Filesize

                                                                          2.8MB

                                                                          MD5

                                                                          a5b275a4daa8669700b6e9ce1e2c41d8

                                                                          SHA1

                                                                          85a982c682d19623010e9d595dbde72fba738161

                                                                          SHA256

                                                                          cf789fc90c44cb5064de670816131a12cd855c65a735da0f0210e2ca62697e4c

                                                                          SHA512

                                                                          e18d194855e459a7f7c06a0d2d2f205084f4f5d410b2b8c09db194198a959519b22c892fd712ed2ee3437c4a90f4e76a5c3c48e8f775c612c48981e8c0cdf1e8

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                                          Filesize

                                                                          1.1MB

                                                                          MD5

                                                                          bccad70b35abf4bdd51d2cabe9e2a114

                                                                          SHA1

                                                                          2d255cb7170b6b592b4849fb9f00b0add0a99c48

                                                                          SHA256

                                                                          6d25105508b5e94af634d97f1751b9926adcbc5ad86f3bc2d79d26c4712d1c06

                                                                          SHA512

                                                                          394de4ffe8a9fcf9e4ca6038b3579dc04a6f1c15e8cb3428b10540726aaf563073a893efb14dba1d109af15994a0bf1370a0cd53de5a8c759ee123ed362e0b29

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                                          Filesize

                                                                          541B

                                                                          MD5

                                                                          d0efb0a6d260dbe5d8c91d94b77d7acd

                                                                          SHA1

                                                                          e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                                          SHA256

                                                                          7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                                          SHA512

                                                                          a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                                          Filesize

                                                                          12B

                                                                          MD5

                                                                          880d31390a25de6a9cd34463b46c75e6

                                                                          SHA1

                                                                          837af65938c9606b5de3c6f2195fc3e855554cd7

                                                                          SHA256

                                                                          425adf50cf113d68bd6aa8dc1015db43422bbc1c977933d5f8c1ecaabf18eb2e

                                                                          SHA512

                                                                          8e9dd066ff73625a5a55d1ece5ba1e4fb248ab14a32880a3d4d86266176cb4f1c61f8301e1ff49839c283affe877b9fbcd3bc2b9763c08b0b63ba56023c2282b

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                                          Filesize

                                                                          670KB

                                                                          MD5

                                                                          96e50bbca30d75af7b8b40acf8dda817

                                                                          SHA1

                                                                          4b1255280dff8de8b7be47def58f83f6ec39ded6

                                                                          SHA256

                                                                          a3ad00ccb61bc87d58eb7977f68130b78a0b95e74d61e6a4624ac114ccde5736

                                                                          SHA512

                                                                          0034c08cb878b703f272e3fd2734bb928ff1bdba85cf79a151519b019c83bd4d199c80af0aa30db28ef82f7ee68a9d59dcaede92f83bfe8787f6a5d4d5e9817c

                                                                          Download Submit

                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                                          Filesize

                                                                          3.1MB

                                                                          MD5

                                                                          9c8eb5e114c1446f78f1312256ab61e4

                                                                          SHA1

                                                                          6b820d9158359687e52878d72b6121b295ad6ffd

                                                                          SHA256

                                                                          3f5eef6b6777c84ebd4d957bf7c0ab096614554453339327286f7535dcc480f5

                                                                          SHA512

                                                                          2f8c831a7e75ce92fdbe005cd5bd7213850a4f8937ded0712210c69b8e1748732a6222ba5ec26ce9c2ee73b2a3b6e391551bf09b3db2914be5c7096ae7565c9c

                                                                          Download Submit

                                                                        • C:\Program Files\dotnet\dotnet.exe
                                                                          Filesize

                                                                          143KB

                                                                          MD5

                                                                          71026b098f8fb39c88b003df746d9fa0

                                                                          SHA1

                                                                          013ca259f551ad6f33db53fff0e121e74408e20e

                                                                          SHA256

                                                                          11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                                          SHA512

                                                                          9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                                          Download Submit

                                                                        • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\ad32d30e1439b89a1e5b4221ee2b1851
                                                                          Filesize

                                                                          16KB

                                                                          MD5

                                                                          b2e89027a140a89b6e3eb4e504e93d96

                                                                          SHA1

                                                                          f3b1b34874b73ae3032decb97ef96a53a654228f

                                                                          SHA256

                                                                          5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                                          SHA512

                                                                          93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                                          Filesize

                                                                          727B

                                                                          MD5

                                                                          dc51fefcb17d7403d7bb44041b3dc713

                                                                          SHA1

                                                                          f79d84c234d0582bde296c0a0f44248e5fab22ae

                                                                          SHA256

                                                                          286ed5eea2c9d736b117a5d2a13c77d9b9f62e39d1b062e43587347a71ad6bf3

                                                                          SHA512

                                                                          0df68035bfbcc8225480574cdd6fa8b551fedb5a9e8312e903c224f3f313b41b1f5110b56371aefc5aa073f4be7177f6ff1204a95ca833cea316ec4212cce136

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                                          Filesize

                                                                          412B

                                                                          MD5

                                                                          06747afe58891adc960e808e75c16910

                                                                          SHA1

                                                                          cb38cd8f466215600fa656acff02a125b0ccd2db

                                                                          SHA256

                                                                          7c0e633500f5544d54b147f8e875c89dc58742a52e06ef25e508f3fd5d80a4ee

                                                                          SHA512

                                                                          cdbc21f9da2d09c7c71fd55d0a6be39195a5fbe4650783284106cc1d456d647263c956d3ce0c4992aa4b9f0536eb735e51ac0f119667e865bdb003d8eaf1e531

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                                          Filesize

                                                                          651B

                                                                          MD5

                                                                          9bbfe11735bac43a2ed1be18d0655fe2

                                                                          SHA1

                                                                          61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                                          SHA256

                                                                          549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                                          SHA512

                                                                          a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                                          Download Submit

                                                                        • C:\Windows\Installer\MSI3012.tmp
                                                                          Filesize

                                                                          4.5MB

                                                                          MD5

                                                                          08211c29e0d617a579ffa2c41bde1317

                                                                          SHA1

                                                                          4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                                          SHA256

                                                                          3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                                          SHA512

                                                                          d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                                          Download Submit

                                                                        • C:\Windows\Installer\MSI9D2A.tmp
                                                                          Filesize

                                                                          509KB

                                                                          MD5

                                                                          88d29734f37bdcffd202eafcdd082f9d

                                                                          SHA1

                                                                          823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                                          SHA256

                                                                          87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                                          SHA512

                                                                          1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                                          Download Submit

                                                                        • C:\Windows\Installer\MSI9D2A.tmp-\AlphaControlAgentInstallation.dll
                                                                          Filesize

                                                                          25KB

                                                                          MD5

                                                                          aa1b9c5c685173fad2dabebeb3171f01

                                                                          SHA1

                                                                          ed756b1760e563ce888276ff248c734b7dd851fb

                                                                          SHA256

                                                                          e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                                          SHA512

                                                                          d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                                          Download Submit

                                                                        • C:\Windows\Installer\MSI9D2A.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                                          Filesize

                                                                          179KB

                                                                          MD5

                                                                          1a5caea6734fdd07caa514c3f3fb75da

                                                                          SHA1

                                                                          f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                                          SHA256

                                                                          cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                                          SHA512

                                                                          a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                                          Download Submit

                                                                        • C:\Windows\Installer\MSIA2E8.tmp-\CustomAction.config
                                                                          Filesize

                                                                          1KB

                                                                          MD5

                                                                          bc17e956cde8dd5425f2b2a68ed919f8

                                                                          SHA1

                                                                          5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                                          SHA256

                                                                          e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                                          SHA512

                                                                          02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                                          Download Submit

                                                                        • C:\Windows\Installer\MSIA2E8.tmp-\Newtonsoft.Json.dll
                                                                          Filesize

                                                                          695KB

                                                                          MD5

                                                                          715a1fbee4665e99e859eda667fe8034

                                                                          SHA1

                                                                          e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                                          SHA256

                                                                          c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                                          SHA512

                                                                          bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                                          Download Submit

                                                                        • C:\Windows\Installer\MSIAC51.tmp
                                                                          Filesize

                                                                          211KB

                                                                          MD5

                                                                          a3ae5d86ecf38db9427359ea37a5f646

                                                                          SHA1

                                                                          eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                                          SHA256

                                                                          c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                                          SHA512

                                                                          96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                                          Download Submit

                                                                        • C:\Windows\Installer\MSIC208.tmp
                                                                          Filesize

                                                                          219KB

                                                                          MD5

                                                                          928f4b0fc68501395f93ad524a36148c

                                                                          SHA1

                                                                          084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                                          SHA256

                                                                          2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                                          SHA512

                                                                          7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                                          Download Submit

                                                                        • C:\Windows\Installer\MSICDC9.tmp-\System.Management.dll
                                                                          Filesize

                                                                          60KB

                                                                          MD5

                                                                          878e361c41c05c0519bfc72c7d6e141c

                                                                          SHA1

                                                                          432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                                          SHA256

                                                                          24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                                          SHA512

                                                                          59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                                          Download Submit

                                                                        • C:\Windows\Installer\e579c8e.msi
                                                                          Filesize

                                                                          2.9MB

                                                                          MD5

                                                                          e52455d67d3d45211aae128bda4f57e9

                                                                          SHA1

                                                                          6d1a56218a110cb0bd5539f946fa0055ac0962ae

                                                                          SHA256

                                                                          7261e0c3d40bcaab476d265d98935c23379e2536e459503f27ecda30180db7d9

                                                                          SHA512

                                                                          c513dee257778c82cab976c10cb64c0d79e4d1f440b14d931a0996257b04770ca36b1620ad0ae70dae93ed517a0e97e08d65f9235479fa0a34c412bfe252851b

                                                                          Download Submit

                                                                        • C:\Windows\Installer\e579c9b.msi
                                                                          Filesize

                                                                          26.3MB

                                                                          MD5

                                                                          b9c6d23462adef092b8a5b7880531b03

                                                                          SHA1

                                                                          9e8c4f7f48d38fb54a93789a583852869c074f2d

                                                                          SHA256

                                                                          2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                                                          SHA512

                                                                          18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                                                          Download Submit

                                                                        • C:\Windows\Installer\e579c9c.msi
                                                                          Filesize

                                                                          772KB

                                                                          MD5

                                                                          d73de5788ab129f16afdd990d8e6bfa9

                                                                          SHA1

                                                                          88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                                          SHA256

                                                                          4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                                          SHA512

                                                                          bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                                          Download Submit

                                                                        • C:\Windows\System32\DriverStore\Temp\{294889f4-bb13-764d-b85f-23e6f3a217c7}\lci_proxywddm.cat
                                                                          Filesize

                                                                          12KB

                                                                          MD5

                                                                          8e16d54f986dbe98812fd5ec04d434e8

                                                                          SHA1

                                                                          8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                                          SHA256

                                                                          7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                                          SHA512

                                                                          e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                                          Download Submit

                                                                        • C:\Windows\System32\DriverStore\Temp\{294889f4-bb13-764d-b85f-23e6f3a217c7}\lci_proxywddm.inf
                                                                          Filesize

                                                                          2KB

                                                                          MD5

                                                                          0315a579f5afe989154cb7c6a6376b05

                                                                          SHA1

                                                                          e352ff670358cf71e0194918dfe47981e9ccbb88

                                                                          SHA256

                                                                          d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                                          SHA512

                                                                          c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                                          Download Submit

                                                                        • C:\Windows\System32\DriverStore\Temp\{294889f4-bb13-764d-b85f-23e6f3a217c7}\x64\lci_proxyumd.dll
                                                                          Filesize

                                                                          179KB

                                                                          MD5

                                                                          4dc11547a5fc28ca8f6965fa21573481

                                                                          SHA1

                                                                          d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                                          SHA256

                                                                          e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                                          SHA512

                                                                          bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                                          Download Submit

                                                                        • C:\Windows\System32\DriverStore\Temp\{294889f4-bb13-764d-b85f-23e6f3a217c7}\x64\lci_proxyumd32.dll
                                                                          Filesize

                                                                          135KB

                                                                          MD5

                                                                          67ae7b2c36c9c70086b9d41b4515b0a8

                                                                          SHA1

                                                                          ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                                          SHA256

                                                                          79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                                          SHA512

                                                                          4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                                          Download Submit

                                                                        • C:\Windows\System32\DriverStore\Temp\{294889f4-bb13-764d-b85f-23e6f3a217c7}\x64\lci_proxywddm.sys
                                                                          Filesize

                                                                          119KB

                                                                          MD5

                                                                          b9b0e9b4d93b18b99ece31a819d71d00

                                                                          SHA1

                                                                          2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                                          SHA256

                                                                          0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                                          SHA512

                                                                          465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                                          Download Submit

                                                                        • C:\Windows\System32\DriverStore\Temp\{b3ed7364-f5b3-1d4a-bb2f-fbe722a5bc0a}\lci_iddcx.cat
                                                                          Filesize

                                                                          10KB

                                                                          MD5

                                                                          62458e58313475c9a3642a392363e359

                                                                          SHA1

                                                                          e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                                          SHA256

                                                                          85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                                          SHA512

                                                                          49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                                          Download Submit

                                                                        • C:\Windows\System32\DriverStore\Temp\{b3ed7364-f5b3-1d4a-bb2f-fbe722a5bc0a}\lci_iddcx.inf
                                                                          Filesize

                                                                          4KB

                                                                          MD5

                                                                          1cec22ca85e1b5a8615774fca59a420b

                                                                          SHA1

                                                                          049a651751ef38321a1088af6a47c4380f9293fc

                                                                          SHA256

                                                                          60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                                          SHA512

                                                                          0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                                          Download Submit

                                                                        • C:\Windows\System32\DriverStore\Temp\{b3ed7364-f5b3-1d4a-bb2f-fbe722a5bc0a}\x64\lci_iddcx.dll
                                                                          Filesize

                                                                          52KB

                                                                          MD5

                                                                          01e8bc64139d6b74467330b11331858d

                                                                          SHA1

                                                                          b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                                          SHA256

                                                                          148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                                          SHA512

                                                                          4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                                          Download Submit

                                                                        • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-09-19-53.dat
                                                                          Filesize

                                                                          602B

                                                                          MD5

                                                                          59ff9d9cc7146115ef0e22b5d6f49bc5

                                                                          SHA1

                                                                          3907c007e147481ca6cfb3fdbb460de2d8d23ac3

                                                                          SHA256

                                                                          622887bc448fe589f9f5db9acf4292194997f1b1afe8f50b3c2079fedddb832d

                                                                          SHA512

                                                                          9bfb4773c3f6132cbdb0214f4836a298bae3fef98d5dcbc4192254432c39af30db28355d6f0ab6a9c40a51563ebc86de30502eafdb726ce70abc9440ef6f95ee

                                                                          Download Submit

                                                                        • C:\Windows\Temp\InstallUtil.log
                                                                          Filesize

                                                                          4KB

                                                                          MD5

                                                                          93683e18e7fbb4c9ff97ba4efd6e36cb

                                                                          SHA1

                                                                          313f62f0947e934e21666874fc0a9d38b071d92b

                                                                          SHA256

                                                                          67656244ace3ec6b66041c677e3f056a1dfb5236aaddbe1942865f868f7aeb71

                                                                          SHA512

                                                                          6c4517552c5e4a0cd2b6267fc658772ade4f11ed92610e9d52cdd71dfdbc6eee0e7f9ac89527afd409b2b20690d6c271c10d270f14067344a6b9395c2d8b3c3f

                                                                          Download Submit

                                                                        • C:\Windows\Temp\InstallUtil.log
                                                                          Filesize

                                                                          708B

                                                                          MD5

                                                                          4623942e2c0ee37e516a4740195a1782

                                                                          SHA1

                                                                          71bf9c08b58f71ae4d34b225c5f0fc532ebb77c2

                                                                          SHA256

                                                                          ccafcd251dda829ba9e31f0de374e0db4a0ebf80c79fdbd4a897e5168b22c097

                                                                          SHA512

                                                                          8576edcc97bd6fe35d58d612adcee2cc48a128445c9c47970165950c813157171839aed149112f64199ed4dabb8214d329f6188f558cec83d02ddac3f2e61bb0

                                                                          Download Submit

                                                                        • C:\Windows\Temp\InstallUtil.log
                                                                          Filesize

                                                                          1KB

                                                                          MD5

                                                                          6d62743167f0fdd1b2e95a0297ce8c8e

                                                                          SHA1

                                                                          ee7b4a76d9a8b1eca2281cc61ce3512e8880588a

                                                                          SHA256

                                                                          6baf93c427a49a2b8d79fc1014a741db19601a49661e0270fd8f2e3384f09855

                                                                          SHA512

                                                                          8dc26f2ef6ea2fbeaa95d856030562916cbefc311d9e9f88792f2d670d31eb1293443e0879aa7baf0569901b2e8a4be4260ca16d53e43e3b7fbdd271e01a94a3

                                                                          Download Submit

                                                                        • C:\Windows\Temp\PreVer.log
                                                                          Filesize

                                                                          2KB

                                                                          MD5

                                                                          33e829f8d270a225c119213fd09f7d9a

                                                                          SHA1

                                                                          5ad0d2028f55fa4c561c1e33af6ee0c7e9e2fb29

                                                                          SHA256

                                                                          acda14a6944651491f026d5b4408e549a789649aa8e8179d57164672593a115a

                                                                          SHA512

                                                                          48195e243538ef20e6af795a9193a9093a0755a5ce0eb73dc9a3343fc20f3604dc3ae47265de6cb27ad6c7dcc89ed85fe9dc041a33fb9cb336c6018ae4e6c23f

                                                                          Download Submit

                                                                        • C:\Windows\Temp\__PSScriptPolicyTest_wtw3i2aq.v2e.ps1
                                                                          Filesize

                                                                          60B

                                                                          MD5

                                                                          d17fe0a3f47be24a6453e9ef58c94641

                                                                          SHA1

                                                                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                          SHA256

                                                                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                          SHA512

                                                                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                          Download Submit

                                                                        • C:\Windows\Temp\unpack.log
                                                                          Filesize

                                                                          2KB

                                                                          MD5

                                                                          bcfb33814fe8d1f9d1a5a91e76a6a31d

                                                                          SHA1

                                                                          60114b438fb0a643fd33c72cf0523318cf87edea

                                                                          SHA256

                                                                          e47a47e26d562e3e82c74b8aa49bd3d379f97ea535897d40af9050b5deebafd5

                                                                          SHA512

                                                                          18974e8c8301879ae290a4121efce6a5ed5c127640fa7fa07013c2b194e09adc124d6608dff7cc699798cce6ca7fe4fe9b6a807d703cfccd4e4720b9dd3653f4

                                                                          Download Submit

                                                                        • C:\Windows\Temp\unpack.log
                                                                          Filesize

                                                                          4KB

                                                                          MD5

                                                                          d36fa97c85e51233d04d730e77c2adc3

                                                                          SHA1

                                                                          51ab4ac93d52cd28de5f4d70981e4e8e652b5e93

                                                                          SHA256

                                                                          56006cbc828ac32293cb654ee5ca619e694243ef6f81e9f85eb6b52a3ceba1aa

                                                                          SHA512

                                                                          a08bb4d76913f316c5b96bcf3e694edf005e36117835b5dcbd3eab453b67a61c9c126910767a2dd33fa2351640cdeec62c14cc6731741a7553bb3aab6f4c1b10

                                                                          Download Submit

                                                                        • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                          Filesize

                                                                          3.2MB

                                                                          MD5

                                                                          2c18826adf72365827f780b2a1d5ea75

                                                                          SHA1

                                                                          a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                                          SHA256

                                                                          ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                                          SHA512

                                                                          474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                                          Download Submit

                                                                        • C:\Windows\Temp\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\IsConfig.ini
                                                                          Filesize

                                                                          571B

                                                                          MD5

                                                                          d239b8964e37974225ad69d78a0a8275

                                                                          SHA1

                                                                          cf208e98a6f11d1807cd84ca61504ad783471679

                                                                          SHA256

                                                                          0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                                          SHA512

                                                                          88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                                          Download Submit

                                                                        • C:\Windows\Temp\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\String1033.txt
                                                                          Filesize

                                                                          182KB

                                                                          MD5

                                                                          99bbffd900115fe8672c73fb1a48a604

                                                                          SHA1

                                                                          8f587395fa6b954affef337c70781ce00913950e

                                                                          SHA256

                                                                          57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                                          SHA512

                                                                          d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                                          Download Submit

                                                                        • C:\Windows\Temp\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\_is1BC1.exe
                                                                          Filesize

                                                                          179KB

                                                                          MD5

                                                                          7a1c100df8065815dc34c05abc0c13de

                                                                          SHA1

                                                                          3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                                          SHA256

                                                                          e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                                          SHA512

                                                                          bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                                          Download Submit

                                                                        • C:\Windows\Temp\{15AA7A2F-7F7C-41FE-B284-BFA91E978FE0}\setup.inx
                                                                          Filesize

                                                                          345KB

                                                                          MD5

                                                                          0376dd5b7e37985ea50e693dc212094c

                                                                          SHA1

                                                                          02859394164c33924907b85ab0aaddc628c31bf1

                                                                          SHA256

                                                                          c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                                          SHA512

                                                                          69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                                          Download Submit

                                                                        • C:\Windows\Temp\{8D0A6590-2689-40EF-9065-DEA5570E5954}\.ba\BootstrapperApplicationData.xml
                                                                          Filesize

                                                                          6KB

                                                                          MD5

                                                                          4487aea1acc637f079c0b95cc52556ce

                                                                          SHA1

                                                                          dc4dcc5bd9824e212ab4439632f8d79e5bfcb34f

                                                                          SHA256

                                                                          062c872144b676d3557be20f17acaf98eb0015b135576f3b30a966bc9e0df4ff

                                                                          SHA512

                                                                          8f8915bbc50e14df1969b3e20df22dc968847e0a15aa6a85b7f1d6dbb2f3fbc87c1018d0605292d64d4d3405d74ea6e904bcea04ec060f3589443005ec997311

                                                                          Download Submit

                                                                        • C:\Windows\Temp\{8D0A6590-2689-40EF-9065-DEA5570E5954}\.ba\thm.xml
                                                                          Filesize

                                                                          11KB

                                                                          MD5

                                                                          03cf60952e7b59460fd22807e8cb28e1

                                                                          SHA1

                                                                          5f4454019c5f33059ae53522ffb534eef815a5f5

                                                                          SHA256

                                                                          af7c42ac777b45751763bceaf8604fa5b842b096da4d1370158a1c3422713555

                                                                          SHA512

                                                                          bfb3c642759522cd4fd8c784909e97c38e6c44cced11d70167d0e243d8da12555a94aa2cd9978745849fa5233a1915485d3e1cb011d985c92a115e44a11b7140

                                                                          Download Submit

                                                                        • C:\Windows\Temp\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\ISRT.dll
                                                                          Filesize

                                                                          427KB

                                                                          MD5

                                                                          85315ad538fa5af8162f1cd2fce1c99d

                                                                          SHA1

                                                                          31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                                          SHA256

                                                                          70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                                          SHA512

                                                                          877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                                          Download Submit

                                                                        • C:\Windows\Temp\{997E8A61-3FFA-448C-8354-4E5735DE85B6}\_isres_0x0409.dll
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          befe2ef369d12f83c72c5f2f7069dd87

                                                                          SHA1

                                                                          b89c7f6da1241ed98015dc347e70322832bcbe50

                                                                          SHA256

                                                                          9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                                          SHA512

                                                                          760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                                          Download Submit

                                                                        • C:\Windows\Temp\{D53DD847-B008-4186-A342-77646358D9D8}\.ba\1033\thm.wxl
                                                                          Filesize

                                                                          5KB

                                                                          MD5

                                                                          34d0c531eed48550be3d877290ad2553

                                                                          SHA1

                                                                          7983955032f9e7d2ee72cabc644a14c892a92289

                                                                          SHA256

                                                                          0d2abde2e4974cc8b7231f017975180d67592ee6d3418cd6dc52e2bc4bf03e50

                                                                          SHA512

                                                                          0c9d916ac420c6a27e723d8bab2db80372cc6303c79a6e1c3b2bd462711b711f2cc45fae43ceb2ce603708c884b0ec6bb7217981ef2a03e0fc3e6c6916716e7a

                                                                          Download Submit

                                                                        • C:\Windows\Temp\{D53DD847-B008-4186-A342-77646358D9D8}\.ba\wixstdba.dll
                                                                          Filesize

                                                                          190KB

                                                                          MD5

                                                                          f1919c6bd85d7a78a70c228a5b227fbe

                                                                          SHA1

                                                                          71647ebf4e7bed3bc1663d520419ac550fe630ff

                                                                          SHA256

                                                                          dcea15f3710822ffc262e62ec04cc7bbbf0f33f5d1a853609fbfb65cb6a45640

                                                                          SHA512

                                                                          c7ff9b19c9bf320454a240c6abbc382950176a6befce05ea73150eeb0085d0b6ed5b65b2dcb4b04621ef9cca1d5c4e59c6682b9c85d1d5845e5ce3e5eedfd2eb

                                                                          Download Submit

                                                                        • C:\Windows\Temp\{E29ACE1E-615F-44CA-A464-3755F5716188}\.ba\bg.png
                                                                          Filesize

                                                                          4KB

                                                                          MD5

                                                                          9eb0320dfbf2bd541e6a55c01ddc9f20

                                                                          SHA1

                                                                          eb282a66d29594346531b1ff886d455e1dcd6d99

                                                                          SHA256

                                                                          9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                                          SHA512

                                                                          9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                                          Download Submit

                                                                        • C:\Windows\Temp\{E29ACE1E-615F-44CA-A464-3755F5716188}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                                          Filesize

                                                                          607KB

                                                                          MD5

                                                                          669de3ab32955e69decfe13a3c89891e

                                                                          SHA1

                                                                          ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                                          SHA256

                                                                          2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                                          SHA512

                                                                          be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                                          Download Submit

                                                                        • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                          Filesize

                                                                          727B

                                                                          MD5

                                                                          e272717afaaca7a366e4a7188798038c

                                                                          SHA1

                                                                          777a11c8db0d2babe0995bc69b088912f02074d9

                                                                          SHA256

                                                                          c49731b00ec0ec46dfbe8d646820951c1ed2ca974c6ecf2fe2493c152d55a973

                                                                          SHA512

                                                                          cc9d1820d7b1262231c8b988917be19ef96b9972003c1c8a6a7a915386270b2d508db06ac86a1dfe25f6ca90c82463672ad302222c0589ec1a1865b7cc6e7aa2

                                                                          Download Submit

                                                                        • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                          Filesize

                                                                          412B

                                                                          MD5

                                                                          29f10d290d7be3da366e4ba0b3dd54a1

                                                                          SHA1

                                                                          a02bf28dbbbe73198e60ebd467b019be04a1a7f5

                                                                          SHA256

                                                                          9cf33d4df4bd567ec5d2d2cfca7d0f19fbcbd938cf5be112a167558a806f278e

                                                                          SHA512

                                                                          6c9c09bee743236489711aa0a15144dbf169254f912d2bc3f46a481e26e6190d6c0205c5f74765ab6b5ef3de6bfaca368ba230d04cbaa09a7d1574c8d059a2a0

                                                                          Download Submit

                                                                        • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                                                                          Filesize

                                                                          1KB

                                                                          MD5

                                                                          9cad061ddf5ad182cfe7879190aeed71

                                                                          SHA1

                                                                          cfd292d16d937f95b642527464403b7e5ef6af96

                                                                          SHA256

                                                                          b2d273fa926ebf6946e69e8808ad332db42bc65f449748082e088aa732e408ca

                                                                          SHA512

                                                                          df517d66358f441a7c4c690cd90e214f18d490e3de767dd76164effaa179b1dd865a0056d68ce3ab6aee55917465c7f39146e7694b1ac475fcc95c280fb29e92

                                                                          Download Submit

                                                                        • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                                          Filesize

                                                                          24.1MB

                                                                          MD5

                                                                          aa4e5837810b1e6cbaaf958560fb6d23

                                                                          SHA1

                                                                          fe3c10a54f3c03996ecdb694a7f5cef2e8c4a4f1

                                                                          SHA256

                                                                          9268c8dd82d8faea148e1c814352567b6621d855a9a09bbba09d9fdf5883511e

                                                                          SHA512

                                                                          ea2ee240e638acdf16fd31cb906bf6387c910b7903920e793c399e0d0727623fe160f62f4601da75031086ea15fdfafaa31925daa1d69aa931e81b9d0a70749a

                                                                          Download Submit

                                                                        • \??\Volume{a235e470-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{27b2c09a-f357-438e-989d-4b1858a0345f}_OnDiskSnapshotProp
                                                                          Filesize

                                                                          6KB

                                                                          MD5

                                                                          1def9f18cb8e8a65375b5cf8ecdf4f9d

                                                                          SHA1

                                                                          92a4909ef44d4bfd22f602e2e2119bd174d4b7c2

                                                                          SHA256

                                                                          25403af741883275bc805def9c52c37274e542c27610a0b079f03e3a30d12d64

                                                                          SHA512

                                                                          c84a9f7044d8462e4ef1b5058cb420b4f8b7bc305db06721edfefbb967c06e9dec7d1ea404684fc9d527193ab3360ec48b650ab71d87c13d782d06140a0d52f0

                                                                          Download Submit

                                                                        • memory/532-35-0x00000000046F0000-0x00000000046FC000-memory.dmp

                                                                          Filesize

                                                                          48KB

                                                                          Download

                                                                        • memory/532-1119-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/532-512-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/532-515-0x0000000003E90000-0x0000000004057000-memory.dmp

                                                                          Filesize

                                                                          1.8MB

                                                                          Download

                                                                        • memory/532-548-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/532-940-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/532-943-0x0000000003ED0000-0x0000000004097000-memory.dmp

                                                                          Filesize

                                                                          1.8MB

                                                                          Download

                                                                        • memory/532-1082-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/532-31-0x00000000046C0000-0x00000000046EE000-memory.dmp

                                                                          Filesize

                                                                          184KB

                                                                          Download

                                                                        • memory/752-273-0x00000189DA5A0000-0x00000189DA652000-memory.dmp

                                                                          Filesize

                                                                          712KB

                                                                          Download

                                                                        • memory/752-269-0x00000189D9C00000-0x00000189D9C42000-memory.dmp

                                                                          Filesize

                                                                          264KB

                                                                          Download

                                                                        • memory/752-275-0x00000189DA490000-0x00000189DA4B0000-memory.dmp

                                                                          Filesize

                                                                          128KB

                                                                          Download

                                                                        • memory/1440-68-0x0000000005340000-0x00000000053F2000-memory.dmp

                                                                          Filesize

                                                                          712KB

                                                                          Download

                                                                        • memory/1440-72-0x0000000005400000-0x0000000005754000-memory.dmp

                                                                          Filesize

                                                                          3.3MB

                                                                          Download

                                                                        • memory/1440-71-0x0000000005280000-0x00000000052A2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1988-152-0x000002D2A6030000-0x000002D2A60C8000-memory.dmp

                                                                          Filesize

                                                                          608KB

                                                                          Download

                                                                        • memory/1988-140-0x000002D28B960000-0x000002D28B988000-memory.dmp

                                                                          Filesize

                                                                          160KB

                                                                          Download

                                                                        • memory/1988-156-0x000002D28BD50000-0x000002D28BD62000-memory.dmp

                                                                          Filesize

                                                                          72KB

                                                                          Download

                                                                        • memory/1988-157-0x000002D28D6C0000-0x000002D28D6FC000-memory.dmp

                                                                          Filesize

                                                                          240KB

                                                                          Download

                                                                        • memory/2648-1943-0x0000000073100000-0x000000007321C000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/2648-1915-0x0000000073100000-0x000000007321C000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/2648-1944-0x0000000072D30000-0x00000000730FD000-memory.dmp

                                                                          Filesize

                                                                          3.8MB

                                                                          Download

                                                                        • memory/2648-1916-0x0000000072D30000-0x00000000730FD000-memory.dmp

                                                                          Filesize

                                                                          3.8MB

                                                                          Download

                                                                        • memory/2712-102-0x0000000005280000-0x00000000052E6000-memory.dmp

                                                                          Filesize

                                                                          408KB

                                                                          Download

                                                                        • memory/2920-1936-0x000001DA7DDB0000-0x000001DA7DE62000-memory.dmp

                                                                          Filesize

                                                                          712KB

                                                                          Download

                                                                        • memory/2920-1935-0x000001DA655C0000-0x000001DA655DC000-memory.dmp

                                                                          Filesize

                                                                          112KB

                                                                          Download

                                                                        • memory/2920-1934-0x000001DA64C40000-0x000001DA64C52000-memory.dmp

                                                                          Filesize

                                                                          72KB

                                                                          Download

                                                                        • memory/2932-1760-0x0000020D7AF90000-0x0000020D7AFDA000-memory.dmp

                                                                          Filesize

                                                                          296KB

                                                                          Download

                                                                        • memory/2932-1930-0x0000020D7B0C0000-0x0000020D7B19C000-memory.dmp

                                                                          Filesize

                                                                          880KB

                                                                          Download

                                                                        • memory/2932-1754-0x0000020D626E0000-0x0000020D6272A000-memory.dmp

                                                                          Filesize

                                                                          296KB

                                                                          Download

                                                                        • memory/2932-1945-0x0000020D7B260000-0x0000020D7B2C2000-memory.dmp

                                                                          Filesize

                                                                          392KB

                                                                          Download

                                                                        • memory/2932-1755-0x0000020D62670000-0x0000020D6268C000-memory.dmp

                                                                          Filesize

                                                                          112KB

                                                                          Download

                                                                        • memory/2932-1757-0x0000020D626B0000-0x0000020D626C8000-memory.dmp

                                                                          Filesize

                                                                          96KB

                                                                          Download

                                                                        • memory/2932-1753-0x0000020D61CE0000-0x0000020D61D30000-memory.dmp

                                                                          Filesize

                                                                          320KB

                                                                          Download

                                                                        • memory/2932-1758-0x0000020D62690000-0x0000020D6269C000-memory.dmp

                                                                          Filesize

                                                                          48KB

                                                                          Download

                                                                        • memory/2932-1942-0x0000020D7B1A0000-0x0000020D7B252000-memory.dmp

                                                                          Filesize

                                                                          712KB

                                                                          Download

                                                                        • memory/4396-233-0x000002AAFFD70000-0x000002AAFFDA8000-memory.dmp

                                                                          Filesize

                                                                          224KB

                                                                          Download

                                                                        • memory/4396-185-0x000002AAFFCB0000-0x000002AAFFD62000-memory.dmp

                                                                          Filesize

                                                                          712KB

                                                                          Download

                                                                        • memory/4396-193-0x000002AAFFC20000-0x000002AAFFC42000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/4700-363-0x0000022F444A0000-0x0000022F4457C000-memory.dmp

                                                                          Filesize

                                                                          880KB

                                                                          Download

                                                                        • memory/4700-370-0x0000022F44640000-0x0000022F446A8000-memory.dmp

                                                                          Filesize

                                                                          416KB

                                                                          Download

                                                                        • memory/4700-373-0x0000022F443F0000-0x0000022F44416000-memory.dmp

                                                                          Filesize

                                                                          152KB

                                                                          Download

                                                                        • memory/4700-372-0x0000022F446F0000-0x0000022F4472A000-memory.dmp

                                                                          Filesize

                                                                          232KB

                                                                          Download

                                                                        • memory/4700-371-0x0000022F44420000-0x0000022F4444A000-memory.dmp

                                                                          Filesize

                                                                          168KB

                                                                          Download

                                                                        • memory/4700-369-0x0000022F443E0000-0x0000022F443E8000-memory.dmp

                                                                          Filesize

                                                                          32KB

                                                                          Download

                                                                        • memory/4700-368-0x0000022F443D0000-0x0000022F443D8000-memory.dmp

                                                                          Filesize

                                                                          32KB

                                                                          Download

                                                                        • memory/4700-367-0x0000022F443C0000-0x0000022F443C8000-memory.dmp

                                                                          Filesize

                                                                          32KB

                                                                          Download

                                                                        • memory/4700-366-0x0000022F44580000-0x0000022F44632000-memory.dmp

                                                                          Filesize

                                                                          712KB

                                                                          Download

                                                                        • memory/4700-349-0x0000022F2B910000-0x0000022F2B918000-memory.dmp

                                                                          Filesize

                                                                          32KB

                                                                          Download

                                                                        • memory/4700-350-0x0000022F2B920000-0x0000022F2B92A000-memory.dmp

                                                                          Filesize

                                                                          40KB

                                                                          Download

                                                                        • memory/4700-348-0x0000022F44270000-0x0000022F442B8000-memory.dmp

                                                                          Filesize

                                                                          288KB

                                                                          Download

                                                                        • memory/4700-346-0x0000022F44220000-0x0000022F4426C000-memory.dmp

                                                                          Filesize

                                                                          304KB

                                                                          Download

                                                                        • memory/4700-345-0x0000022F2B550000-0x0000022F2B56C000-memory.dmp

                                                                          Filesize

                                                                          112KB

                                                                          Download

                                                                        • memory/4700-343-0x0000022F2B050000-0x0000022F2B0B6000-memory.dmp

                                                                          Filesize

                                                                          408KB

                                                                          Download

                                                                        • memory/4700-344-0x0000022F2B960000-0x0000022F2B9AA000-memory.dmp

                                                                          Filesize

                                                                          296KB

                                                                          Download

                                                                        • memory/4756-1752-0x0000025ADC0D0000-0x0000025ADC5F8000-memory.dmp

                                                                          Filesize

                                                                          5.2MB

                                                                          Download

                                                                        • memory/4756-1602-0x0000025AC28D0000-0x0000025AC28DA000-memory.dmp

                                                                          Filesize

                                                                          40KB

                                                                          Download

                                                                        • memory/4756-1607-0x0000025AC3220000-0x0000025AC323A000-memory.dmp

                                                                          Filesize

                                                                          104KB

                                                                          Download

                                                                        • memory/4756-1612-0x0000025ADBAE0000-0x0000025ADBB92000-memory.dmp

                                                                          Filesize

                                                                          712KB

                                                                          Download

                                                                        • memory/4860-1933-0x00000256A6090000-0x00000256A6142000-memory.dmp

                                                                          Filesize

                                                                          712KB

                                                                          Download

                                                                        • memory/4860-1946-0x000002568D910000-0x000002568D976000-memory.dmp

                                                                          Filesize

                                                                          408KB

                                                                          Download

                                                                        • memory/4860-1931-0x000002568CE90000-0x000002568CEA0000-memory.dmp

                                                                          Filesize

                                                                          64KB

                                                                          Download

                                                                        • memory/4860-1932-0x000002568D7F0000-0x000002568D810000-memory.dmp

                                                                          Filesize

                                                                          128KB

                                                                          Download

                                                                        • memory/4860-1947-0x000002568D810000-0x000002568D824000-memory.dmp

                                                                          Filesize

                                                                          80KB

                                                                          Download

                                                                        • memory/5092-3738-0x0000000072D30000-0x00000000730FD000-memory.dmp

                                                                          Filesize

                                                                          3.8MB

                                                                          Download

                                                                        • memory/5092-2474-0x0000000072D30000-0x00000000730FD000-memory.dmp

                                                                          Filesize

                                                                          3.8MB

                                                                          Download

                                                                        • memory/5092-1190-0x0000000072D30000-0x00000000730FD000-memory.dmp

                                                                          Filesize

                                                                          3.8MB

                                                                          Download

                                                                        • memory/5092-3737-0x0000000073100000-0x000000007321C000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/5092-2473-0x0000000073100000-0x000000007321C000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/5092-1189-0x0000000073100000-0x000000007321C000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/5100-3739-0x0000000073100000-0x000000007321C000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/5100-3740-0x0000000072D30000-0x00000000730FD000-memory.dmp

                                                                          Filesize

                                                                          3.8MB

                                                                          Download

                                                                        • memory/5100-1192-0x0000000072D30000-0x00000000730FD000-memory.dmp

                                                                          Filesize

                                                                          3.8MB

                                                                          Download

                                                                        • memory/5100-1191-0x0000000073100000-0x000000007321C000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/5144-1927-0x000002981AF70000-0x000002981AF82000-memory.dmp

                                                                          Filesize

                                                                          72KB

                                                                          Download

                                                                        • memory/5144-1929-0x000002981B340000-0x000002981B35C000-memory.dmp

                                                                          Filesize

                                                                          112KB

                                                                          Download

                                                                        • memory/5144-1928-0x000002981B810000-0x000002981B85A000-memory.dmp

                                                                          Filesize

                                                                          296KB

                                                                          Download

                                                                        • memory/5284-1756-0x0000000073100000-0x000000007321C000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/5284-1172-0x0000000073100000-0x000000007321C000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/5284-2003-0x0000000073100000-0x000000007321C000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/5284-2004-0x0000000072D30000-0x00000000730FD000-memory.dmp

                                                                          Filesize

                                                                          3.8MB

                                                                          Download

                                                                        • memory/5284-1759-0x0000000072D30000-0x00000000730FD000-memory.dmp

                                                                          Filesize

                                                                          3.8MB

                                                                          Download

                                                                        • memory/5284-2431-0x0000000073100000-0x000000007321C000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/5284-2432-0x0000000072D30000-0x00000000730FD000-memory.dmp

                                                                          Filesize

                                                                          3.8MB

                                                                          Download

                                                                        • memory/5284-1173-0x0000000072D30000-0x00000000730FD000-memory.dmp

                                                                          Filesize

                                                                          3.8MB

                                                                          Download

                                                                        • memory/5740-1917-0x000001C41CBA0000-0x000001C41CBB0000-memory.dmp

                                                                          Filesize

                                                                          64KB

                                                                          Download

                                                                        • memory/5740-1609-0x000001C404250000-0x000001C40426C000-memory.dmp

                                                                          Filesize

                                                                          112KB

                                                                          Download

                                                                        • memory/5740-1613-0x000001C41CCA0000-0x000001C41CCE8000-memory.dmp

                                                                          Filesize

                                                                          288KB

                                                                          Download

                                                                        • memory/5740-1606-0x000001C41CBE0000-0x000001C41CC92000-memory.dmp

                                                                          Filesize

                                                                          712KB

                                                                          Download

                                                                        • memory/5740-1407-0x000001C403940000-0x000001C40397A000-memory.dmp

                                                                          Filesize

                                                                          232KB

                                                                          Download

                                                                        • memory/5740-1920-0x000001C41CE90000-0x000001C41CEB8000-memory.dmp

                                                                          Filesize

                                                                          160KB

                                                                          Download

                                                                        • memory/5820-1937-0x000001376CCC0000-0x000001376CD9C000-memory.dmp

                                                                          Filesize

                                                                          880KB

                                                                          Download

                                                                        • memory/5820-1924-0x00000137538E0000-0x00000137538F0000-memory.dmp

                                                                          Filesize

                                                                          64KB

                                                                          Download

                                                                        • memory/5820-1925-0x0000013754270000-0x00000137542BA000-memory.dmp

                                                                          Filesize

                                                                          296KB

                                                                          Download

                                                                        • memory/5820-1926-0x0000013753CB0000-0x0000013753CCC000-memory.dmp

                                                                          Filesize

                                                                          112KB

                                                                          Download

                                                                        • memory/5944-1724-0x0000026C75990000-0x0000026C75A40000-memory.dmp

                                                                          Filesize

                                                                          704KB

                                                                          Download

                                                                        • memory/5944-1603-0x0000026C5C6B0000-0x0000026C5C6BC000-memory.dmp

                                                                          Filesize

                                                                          48KB

                                                                          Download

                                                                        • memory/5944-1892-0x0000026C758F0000-0x0000026C7590C000-memory.dmp

                                                                          Filesize

                                                                          112KB

                                                                          Download

                                                                        • memory/5944-1763-0x0000026C75B20000-0x0000026C75BFC000-memory.dmp

                                                                          Filesize

                                                                          880KB

                                                                          Download

                                                                        • memory/5944-1605-0x0000026C5CF30000-0x0000026C5CF7A000-memory.dmp

                                                                          Filesize

                                                                          296KB

                                                                          Download

                                                                        • memory/5944-1608-0x0000026C5CF00000-0x0000026C5CF1C000-memory.dmp

                                                                          Filesize

                                                                          112KB

                                                                          Download

                                                                        • memory/6048-1354-0x000002091D8C0000-0x000002091D8CC000-memory.dmp

                                                                          Filesize

                                                                          48KB

                                                                          Download

                                                                        • memory/6048-1355-0x000002091DCA0000-0x000002091DCB8000-memory.dmp

                                                                          Filesize

                                                                          96KB

                                                                          Download

                                                                        • memory/6048-1356-0x000002091E240000-0x000002091E2F2000-memory.dmp

                                                                          Filesize

                                                                          712KB

                                                                          Download

                                                                        • memory/6048-1357-0x000002091DCC0000-0x000002091DCE0000-memory.dmp

                                                                          Filesize

                                                                          128KB

                                                                          Download

                                                                        • memory/6100-342-0x0000020425B90000-0x0000020425BAC000-memory.dmp

                                                                          Filesize

                                                                          112KB

                                                                          Download

                                                                        • memory/6100-340-0x0000020425C30000-0x0000020425CE2000-memory.dmp

                                                                          Filesize

                                                                          712KB

                                                                          Download

                                                                        • memory/6100-326-0x000002040CB10000-0x000002040CB26000-memory.dmp

                                                                          Filesize

                                                                          88KB

                                                                          Download