RMM Executables

This is a non-exhaustive list of executables associated with a top RMM list, correlated against observations for unique executables.

Wildcard (*) patterns are used to generalize random values (and to sanitize).

download as json

original source

Windows

Ninja RMM

executable	code_signature.subject_name
`C:\Program Files\\NinjaRMMAgentPatcher.exe`	`NinjaRMM, LLC`
`C:\Program Files*\NinjaRMMAgent\NinjaRMMAgentPatcher.exe`	`NinjaRMM, LLC`
`C:\ProgramData\NinjaRMMAgent\ninjarmm-cli.exe`
`C:\Program Files\\NinjaRMMAgent.exe`	`NinjaRMM, LLC`
`C:\Program Files*\NinjaRMMAgent\NinjaRMMAgent.exe`	`NinjaRMM, LLC`

Atera

executable	code_signature.subject_name
`C:\Program Files*\ATERA Networks\AteraAgent\AteraAgent.exe`
`C:\Program Files*\ATERA Networks\AteraAgent\Packages\AgentPackageNetworkDiscoveryWG\AgentPackageNetworkDiscoveryWG.exe`
`C:\Program Files*\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe`
`C:\Program Files*\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe`	`Atera Networks Ltd`
`C:\Program Files*\ATERA Networks\AteraAgent\Packages\AgentPackageFileExplorer\AgentPackageFileExplorer.exe`
`C:\Program Files*\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe`
`C:\Program Files*\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe`

GoToMeeting

executable	code_signature.subject_name
`C:\Windows\SysWOW64\config\systemprofile\AppData\Local\GoToAssist Remote Support Applet\*.tmp\GoToAssistService.exe`	`LogMeIn, Inc.`
`C:\Users\\AppData\Local\GoToAssist Remote Support Applet\.tmp\GoToAssistProcessChecker.exe`	`LogMeIn, Inc.`
`C:\Program Files\LogMeIn\GoToAssist Corporate\\G2AC_HostLauncher.exe`
`C:\Program Files\GoToMeeting\\G2MInstaller.exe`
`C:\Users\\AppData\Local\GoToMeeting\\g2mcomm.exe`
`C:\Users\\AppData\Local\GoToMeeting\\g2mlauncher.exe`
`C:\Program Files\GoToAssist Remote Support Customer\\g2ax_host_service.exe`
`C:\Program Files\GoToAssist Remote Support Customer\\g2ax_comm_customer.exe`
`C:\Users\\AppData\Local\GoTo Resolve Applet\.tmp\GoToResolveService.exe`
`C:\Program Files\GoToAssist Remote Support Unattended\\GoToAssistTools64.exe`	`LogMeIn, Inc.`
`C:\Program Files\GoToAssist Remote Support Unattended\\GoToAssistUnattended.exe`
`C:\Users\\AppData\Local\goto-updater\pending\GoToSetup-.exe`
`C:\Program Files\GoToMeeting\\g2mlauncher.exe`
`C:\Users\\AppData\Local\GoToAssist Remote Support Applet\.tmp\GoToAssistCrashHandler.exe`	`LogMeIn, Inc.`
`C:\Users\\AppData\Local\GoToMeeting\\g2mupdate.exe`	`LogMeIn, Inc.`

Manage Engine

executable	code_signature.subject_name
`C:\ManageEngine\DesktopCentralMSP_Server\jre\bin\java.exe`
`C:\ManageEngine\ADManager Plus\jre\bin\java.exe`
`C:\Program Files*\ManageEngine\PMP\tools\archiver\windows\x86-64\7za.exe`
`C:\ManageEngine\elasticsearch\jre\bin\java.exe`
`C:\Program Files*\ManageEngine\PMP\jre\bin\java.exe`
`C:\Program Files*\ManageEngine\ServiceDesk\DesktopCentral_Server\bin\7za.exe`
`C:\Program Files*\ManageEngine\ServiceDesk\DesktopCentral_Server\bin\wrapper.exe`
`C:\ManageEngine\OpManager\jre\bin\java.exe`	`Oracle America, Inc.`
`C:\ManageEngine\EventLog Analyzer\jre\bin\java.exe`
`C:\ManageEngine\ADAudit Plus\pgsql\bin\postgres.exe`
`C:\ManageEngine\OpManager\Probe\OpManagerProbe\pgsql\bin\postgres.exe`

Microsoft Intune

executable	code_signature.subject_name
`C:\Program Files*\Microsoft Intune Management Extension\ClientHealthEval.exe`
`C:\Program Files\WindowsApps\Microsoft.\IntuneManagementExtensionBridge\IntuneManagementExtensionBridge.exe`
`C:\Program Files\WindowsApps\Microsoft.\BridgeLauncher\BridgeLauncher.exe`
`C:\Program Files*\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe`
`C:\Program Files*\Microsoft Intune Management Extension\Microsoft.Management.Clients.CopyAgentCatalog.exe`
`C:\Program Files*\Microsoft Intune Management Extension\SensorLogonTask.exe`
`C:\Program Files*\Microsoft Intune Management Extension\AgentExecutor.exe`

N-Central

executable	code_signature.subject_name
`C:\Users\\AppData\Local\MSP Anywhere for N-central\Viewer\Tmp\SWI_MSP_RC_ViewerUpdate-.exe`

Desktop Central

executable	code_signature.subject_name
`C:\Program Files*\DesktopCentral_Agent\bin\dcagentservice.exe`
`C:\Program Files*\DesktopCentral_Agent\bin\DCFAService64.exe`
`C:\Program Files*\DesktopCentral_Agent\bin\dcagentregister.exe`
`C:\Program Files*\DesktopCentral_Server\pgsql\bin\postgres.exe`
`C:\Program Files*\DesktopCentral_Server\bin\wrapper.exe`
`C:\ManageEngine\DesktopCentral_Server\bin\wrapper.exe`
`C:\Program Files*\DesktopCentral_Server\bin\UEMS.exe`
`C:\Program Files*\DesktopCentral_Server\nginx\dcnginx.exe`
`C:\Program Files*\ManageEngine\ServiceDesk\DesktopCentral_Server\jre\bin\java.exe`
`C:\Program Files*\DesktopCentral_Agent\bin\EMSAddonInstaller.exe`
`C:\ManageEngine\DesktopCentral_Server\jre\bin\java.exe`	`Azul Systems, Inc.`
`C:\Program Files*\DesktopCentral_Server\apache\bin\dcserverhttpd.exe`
`C:\Program Files*\DesktopCentral_Server\bin\7za.exe`
`C:\Program Files*\DesktopCentral_Server\jre\bin\java.exe`
`C:\Program Files*\DesktopCentral_Server\bin\dcnotificationserver.exe`
`C:\Program Files*\DesktopCentral_Agent\dcconfig.exe`
`C:\Program Files\DesktopCentral_Agent\patches\-gimp-*-setup.exe`
`C:\ManageEngine\AssetExplorer\DesktopCentral_Server\bin\wrapper.exe`
`C:\Program Files*\ManageEngine\ServiceDesk\DesktopCentral_Server\lib\native\64bit\wrapper.dll`	`Tanuki Software Ltd.`
`C:\Program Files*\ManageEngine\ServiceDesk\DesktopCentral_Server\jre\bin\awt.dll`	`Azul Systems, Inc.`
`C:\Program Files*\ManageEngine\ServiceDesk\DesktopCentral_Server\jre\bin\sunec.dll`	`Azul Systems, Inc.`
`C:\Program Files*\ManageEngine\ServiceDesk\DesktopCentral_Server\jre\bin\freetype.dll`	`Azul Systems, Inc.`
`C:\Program Files*\ManageEngine\ServiceDesk\DesktopCentral_Server\jre\bin\fontmanager.dll`	`Azul Systems, Inc.`
`C:\Program Files*\ManageEngine\ServiceDesk\DesktopCentral_Server\lib\native\64bit\SyMNative.dll`	`ZOHO Corporation Private Limited`
`C:\Program Files*\ManageEngine\ServiceDesk\DesktopCentral_Server\lib\native\64bit\OSDSyMNative.dll`	`ZOHO Corporation Private Limited`

Action1

executable	code_signature.subject_name
`C:\Windows\Action1\action1_remote.exe`
`C:\Windows\Action1\action1_agent.exe`	`Action1 Corporation`

ConnectWise

executable	code_signature.subject_name
`C:\Users\\AppData\Roaming\ConnectWise\cache\\controls\cef\ConnectWise.exe`	`Connectwise, LLC`
`C:\Users\\AppData\Roaming\ConnectWise\cache\\controls\cef\ConnectWise.exe`	`ConnectWise, LLC`
`C:\Program Files\ConnectWise\\ConnectWiseManage.exe`	`ConnectWise, LLC`
`C:\Program Files*\ScreenConnect\Bin\ScreenConnect.Service.exe`	`Connectwise, LLC`
`C:\Program Files*\ScreenConnect\Bin\ScreenConnect.Client.exe`	`Connectwise, LLC`
`C:\Windows\LTSvc\LTSVC.exe`	`Connectwise, LLC`
`C:\Users\*\Downloads\ConnectWiseControl.Client.exe`	`Connectwise, LLC`

MacOS

Ninja RMM

executable	code_signature.subject_name
`/Applications/NinjaRMMAgent/programfiles/ninjarmm-macagent`	`Developer ID Application: NinjaRMM LLC (EBNT3ZX97E)`

GoToMeeting

executable	code_signature.subject_name
`/Applications/GoToMeeting.app/Contents/MacOS/GoToMeeting`
`/Applications/GoToMeeting.app/Contents/Helpers/G2MUpdate`
`/Users/*/Library/Application Support/LogMeInInc/GoToMeeting/G2MUpdate`

Microsoft Intune

executable	code_signature.subject_name
`/Library/Intune/Microsoft Intune Agent.app/Contents/MacOS/IntuneMdmDaemon`

N-Central

executable	code_signature.subject_name
`/Applications/MSP Anywhere Agent N-central.app/Contents/Resources/MSP Anywhere Service Configurator.app/Contents/MacOS/MSP Anywhere Service Configurator`	`Developer ID Application: N-able Technologies Inc. (YT3GCGK3Z7)`
`/Applications/MSP Anywhere Agent N-central.app/Contents/Resources/MSP Anywhere Helper`	`Developer ID Application: N-able Technologies Inc. (YT3GCGK3Z7)`

Jamf

executable	code_signature.subject_name
`/usr/local/jamf/bin/jamf`	`Developer ID Application: JAMF Software (483DWKW443)`
`/Library/Application Support/JAMF/Jamf.app/Contents/MacOS/JamfDaemon.app/Contents/MacOS/JamfDaemon`	`Developer ID Application: JAMF Software (483DWKW443)`
`/Library/Application Support/JAMF/Jamf.app/Contents/MacOS/JamfManagementService.app/Contents/MacOS/JamfManagementService`	`Developer ID Application: JAMF Software (483DWKW443)`
`/Library/Application Support/JAMF/Jamf.app/Contents/MacOS/JamfManagementService.app/Contents/MacOS/jamf_trampoline`	`Developer ID Application: JAMF Software (483DWKW443)`
`/Library/Application Support/JAMF/tmp/jamf`	`Developer ID Application: JAMF Software (483DWKW443)`

executable	code_signature.subject_name
`C:\Windows\SysWOW64\config\systemprofile\AppData\Local\GoToAssist Remote Support Applet\*.tmp\GoToAssistService.exe`	`LogMeIn, Inc.`
`C:\Users\\AppData\Local\GoToAssist Remote Support Applet\.tmp\GoToAssistProcessChecker.exe`	`LogMeIn, Inc.`
`C:\Program Files\LogMeIn\GoToAssist Corporate\\G2AC_HostLauncher.exe`
`C:\Program Files\GoToMeeting\\G2MInstaller.exe`
`C:\Users\\AppData\Local\GoToMeeting\\g2mcomm.exe`
`C:\Users\\AppData\Local\GoToMeeting\\g2mlauncher.exe`
`C:\Program Files\GoToAssist Remote Support Customer\\g2ax_host_service.exe`
`C:\Program Files\GoToAssist Remote Support Customer\\g2ax_comm_customer.exe`
`C:\Users\\AppData\Local\GoTo Resolve Applet\.tmp\GoToResolveService.exe`
`C:\Program Files\GoToAssist Remote Support Unattended\\GoToAssistTools64.exe`	`LogMeIn, Inc.`
`C:\Program Files\GoToAssist Remote Support Unattended\\GoToAssistUnattended.exe`
`C:\Users\\AppData\Local\goto-updater\pending\GoToSetup-.exe`
`C:\Program Files\GoToMeeting\\g2mlauncher.exe`
`C:\Users\\AppData\Local\GoToAssist Remote Support Applet\.tmp\GoToAssistCrashHandler.exe`	`LogMeIn, Inc.`
`C:\Users\\AppData\Local\GoToMeeting\\g2mupdate.exe`	`LogMeIn, Inc.`