plugx | 5e579c320fc1aae241e855979bdda63d2f62036eac053780a03e68bc8814293e

Analysis

max time kernel
70s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dynatrace-OneAgent-Windows-1.261.201.exe
Size

112.7MB
MD5

e4271f267c3f39e13d58c535edb75a09
SHA1

6bb98a70fae4759da6d0983b375c7be50f626063
SHA256

5e579c320fc1aae241e855979bdda63d2f62036eac053780a03e68bc8814293e
SHA512

3c0434cd5785c279edca2a84f2cd30903e1b120d63ff7785750b1948a79a4ef1aee27dc84088d0a7155102cfe18b41c376a15569d12c16ed16337444f7b0a633
SSDEEP

1572864:p2caw0TIfvBH+9ZA7mh7CMe1JkoHr6uganwVjwFZO7L70RqIcXNMtnMlOpCg/cZs:pdXRvyAqLe1JdoPVmG4RSflQjAww0

Score

10^/10

plugx trojan

Malware Config

Signatures

Detects PlugX payload 1 IoCs

resource	yara_rule
behavioral2/files/0x0004000000009f90-176.dat	family_plugx

PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
trojan plugx

Detect jar appended to MSI 1 IoCs

resource	yara_rule
behavioral2/files/0x0004000000009f90-176.dat	jar_in_msi

Blocklisted process makes network request 2 IoCs

flow	pid	Process
33	4288	msiexec.exe
34	4288	msiexec.exe

Loads dropped DLL 9 IoCs

pid	Process
1156	MsiExec.exe
1156	MsiExec.exe
1156	MsiExec.exe
1156	MsiExec.exe
4396	MsiExec.exe
1156	MsiExec.exe
4396	MsiExec.exe
1156	MsiExec.exe
4396	MsiExec.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral2/files/0x0004000000009f90-176.dat	nsis_installer_2

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4288	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4288	msiexec.exe
Token: SeSecurityPrivilege	2320	msiexec.exe
Token: SeCreateTokenPrivilege	4288	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4288	msiexec.exe
Token: SeLockMemoryPrivilege	4288	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4288	msiexec.exe
Token: SeMachineAccountPrivilege	4288	msiexec.exe
Token: SeTcbPrivilege	4288	msiexec.exe
Token: SeSecurityPrivilege	4288	msiexec.exe
Token: SeTakeOwnershipPrivilege	4288	msiexec.exe
Token: SeLoadDriverPrivilege	4288	msiexec.exe
Token: SeSystemProfilePrivilege	4288	msiexec.exe
Token: SeSystemtimePrivilege	4288	msiexec.exe
Token: SeProfSingleProcessPrivilege	4288	msiexec.exe
Token: SeIncBasePriorityPrivilege	4288	msiexec.exe
Token: SeCreatePagefilePrivilege	4288	msiexec.exe
Token: SeCreatePermanentPrivilege	4288	msiexec.exe
Token: SeBackupPrivilege	4288	msiexec.exe
Token: SeRestorePrivilege	4288	msiexec.exe
Token: SeShutdownPrivilege	4288	msiexec.exe
Token: SeDebugPrivilege	4288	msiexec.exe
Token: SeAuditPrivilege	4288	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4288	msiexec.exe
Token: SeChangeNotifyPrivilege	4288	msiexec.exe
Token: SeRemoteShutdownPrivilege	4288	msiexec.exe
Token: SeUndockPrivilege	4288	msiexec.exe
Token: SeSyncAgentPrivilege	4288	msiexec.exe
Token: SeEnableDelegationPrivilege	4288	msiexec.exe
Token: SeManageVolumePrivilege	4288	msiexec.exe
Token: SeImpersonatePrivilege	4288	msiexec.exe
Token: SeCreateGlobalPrivilege	4288	msiexec.exe
Token: SeCreateTokenPrivilege	4288	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4288	msiexec.exe
Token: SeLockMemoryPrivilege	4288	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4288	msiexec.exe
Token: SeMachineAccountPrivilege	4288	msiexec.exe
Token: SeTcbPrivilege	4288	msiexec.exe
Token: SeSecurityPrivilege	4288	msiexec.exe
Token: SeTakeOwnershipPrivilege	4288	msiexec.exe
Token: SeLoadDriverPrivilege	4288	msiexec.exe
Token: SeSystemProfilePrivilege	4288	msiexec.exe
Token: SeSystemtimePrivilege	4288	msiexec.exe
Token: SeProfSingleProcessPrivilege	4288	msiexec.exe
Token: SeIncBasePriorityPrivilege	4288	msiexec.exe
Token: SeCreatePagefilePrivilege	4288	msiexec.exe
Token: SeCreatePermanentPrivilege	4288	msiexec.exe
Token: SeBackupPrivilege	4288	msiexec.exe
Token: SeRestorePrivilege	4288	msiexec.exe
Token: SeShutdownPrivilege	4288	msiexec.exe
Token: SeDebugPrivilege	4288	msiexec.exe
Token: SeAuditPrivilege	4288	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4288	msiexec.exe
Token: SeChangeNotifyPrivilege	4288	msiexec.exe
Token: SeRemoteShutdownPrivilege	4288	msiexec.exe
Token: SeUndockPrivilege	4288	msiexec.exe
Token: SeSyncAgentPrivilege	4288	msiexec.exe
Token: SeEnableDelegationPrivilege	4288	msiexec.exe
Token: SeManageVolumePrivilege	4288	msiexec.exe
Token: SeImpersonatePrivilege	4288	msiexec.exe
Token: SeCreateGlobalPrivilege	4288	msiexec.exe
Token: SeCreateTokenPrivilege	4288	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4288	msiexec.exe
Token: SeLockMemoryPrivilege	4288	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4288	msiexec.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3532	Dynatrace-OneAgent-Windows-1.261.201.exe
3532	Dynatrace-OneAgent-Windows-1.261.201.exe
3532	Dynatrace-OneAgent-Windows-1.261.201.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 2808	3532	Dynatrace-OneAgent-Windows-1.261.201.exe	85
PID 3532 wrote to memory of 2808	3532	Dynatrace-OneAgent-Windows-1.261.201.exe	85
PID 2808 wrote to memory of 4288	2808	cmd.exe	87
PID 2808 wrote to memory of 4288	2808	cmd.exe	87
PID 2320 wrote to memory of 1156	2320	msiexec.exe	94
PID 2320 wrote to memory of 1156	2320	msiexec.exe	94
PID 2320 wrote to memory of 1156	2320	msiexec.exe	94
PID 2320 wrote to memory of 4396	2320	msiexec.exe	95
PID 2320 wrote to memory of 4396	2320	msiexec.exe	95

C:\Users\Admin\AppData\Local\Temp\Dynatrace-OneAgent-Windows-1.261.201.exe
"C:\Users\Admin\AppData\Local\Temp\Dynatrace-OneAgent-Windows-1.261.201.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\install.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2808
- - C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /i "C:\Users\Admin\AppData\Local\Temp\Dynatrace-OneAgent-Windows-1.261.201.msi" /L*v "C:\Users\Admin\AppData\Local\Temp\installation_msiexec_20230331-210549.log" PRECONFIGURED_PARAMETERS="--set-server={https://sg-us-east-1-3-219-253-30-prd-91ba76b5-ae84-4252-93d5-717ec93c9.live.dynatrace.com/communication;https://sg-us-east-1-44-197-18-172-prd-91ba76b5-ae84-4252-93d5-717ec93c.live.dynatrace.com/communication;https://sg-us-east-1-52-86-225-129-prd-91ba76b5-ae84-4252-93d5-717ec93c.live.dynatrace.com/communication;https://wcj66953.live.dynatrace.com:443} --set-tenant=wcj66953 --set-tenant-token=H7n4tva4LvVpEynD" INTERNAL_LOG_PATH_FEEDBACK="C:\Users\Admin\AppData\Local\Temp\dynatrace_log_path_feedback.conf"
    3⤵
    - Blocklisted process makes network request
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:4288

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B2952FC228A98C241CAD0F951BF9785E C
  2⤵
  - Loads dropped DLL
  PID:1156
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding EADBA68B6A0610800510AFC9E67BA90D C
  2⤵
  - Loads dropped DLL
  PID:4396

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Dynatrace-OneAgent-Windows-1.261.201.msi

Filesize
544.0MB

MD5
b0debbdbf057248853a51ffe3f2b0091

SHA1
dc3fc19e5686010ea3dd276b5fdd8682de1fb2a5

SHA256
3e4d0b2b4bc1102e1bba8bafe94f038625ce5ea126d0de604664f25a2f6d70a2

SHA512
00fbf3e2ec66d6ffb19cb9d94785f5c3ef26c75dd24ce291ce65729dd4c6659f5a2947d06585803d65e06765af4bb5ce0b8fa494f148189b7bd1a89b2a47128f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI71A6.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI71A6.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI80BA.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI80BA.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI838A.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI838A.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI838A.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI858E.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI858E.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8800.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8800.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8978.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8978.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8AA2.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8AA2.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8CE5.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8CE5.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8DA2.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8DA2.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8DA2.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\dynatrace_extractor_20230331-210549.log

Filesize
559B

MD5
a90d45b9779f14bcc7352fa4793780f8

SHA1
1040dd4d49fb8703a03bba14cc884061eee8ee42

SHA256
6525b6b7e8c5ca68280157d6a46f799985fd2c088634abe2b985c90a2f5250e1

SHA512
d5ad7639e329cd91e172a9e43a32131ef243ba4c5cc04f66be39fc9872bbb520f58fc7549e3121ff2281884c581a4aa3a0ec0dd04be612ac97b5a49766835168

Download Submit
C:\Users\Admin\AppData\Local\Temp\dynatrace_extractor_20230331-210549.log

Filesize
1KB

MD5
68d7ec6e3d382a76e2380717824e5684

SHA1
40c15aabe9c5629f28ec6b62f4fcfaa3d41b56fa

SHA256
15e06f90a466c01ff84751475e3b1c9c9e613566d2f30bcfbed95a4c4316b7c6

SHA512
8eb68aa1f0a1379e2b156dbc3dd15edae6dbadca603a00887a7f7df929080759df93e3756fe1b32f366128d6cba5b1f9aed022fbdef494c9ddfd005c0c5e4bbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.bat

Filesize
1KB

MD5
593ec054a9242972ac2b5d74484fa3ff

SHA1
4c9a3bf1f1f494d29f869ad04ad6001dd1a08352

SHA256
7c185eac44e08a3799f5a658c73328dcacae7a4b0d26d85e2ebc919aaca3e982

SHA512
cf4c3d81781fad5355cc62479658d83dbd242b0706807eab691c8ed8559a704b7b7a5f10212872b4df2c2e76804554ab8a78a31d1201cb8c1b3cec426e091265

Download Submit