plugx | 5e579c320fc1aae241e855979bdda63d2f62036eac053780a03e68bc8814293e

Analysis

max time kernel
94s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dynatrace-OneAgent-Windows-1.261.201.exe
Size

112.7MB
MD5

e4271f267c3f39e13d58c535edb75a09
SHA1

6bb98a70fae4759da6d0983b375c7be50f626063
SHA256

5e579c320fc1aae241e855979bdda63d2f62036eac053780a03e68bc8814293e
SHA512

3c0434cd5785c279edca2a84f2cd30903e1b120d63ff7785750b1948a79a4ef1aee27dc84088d0a7155102cfe18b41c376a15569d12c16ed16337444f7b0a633
SSDEEP

1572864:p2caw0TIfvBH+9ZA7mh7CMe1JkoHr6uganwVjwFZO7L70RqIcXNMtnMlOpCg/cZs:pdXRvyAqLe1JdoPVmG4RSflQjAww0

Score

10^/10

plugx trojan

Malware Config

Signatures

Detects PlugX payload 1 IoCs

resource	yara_rule
behavioral2/files/0x0003000000000733-176.dat	family_plugx

PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
trojan plugx

Detect jar appended to MSI 1 IoCs

resource	yara_rule
behavioral2/files/0x0003000000000733-176.dat	jar_in_msi

Blocklisted process makes network request 2 IoCs

flow	pid	Process
26	1736	msiexec.exe
27	1736	msiexec.exe

Loads dropped DLL 9 IoCs

pid	Process
4164	MsiExec.exe
4164	MsiExec.exe
4164	MsiExec.exe
4164	MsiExec.exe
1200	MsiExec.exe
4164	MsiExec.exe
1200	MsiExec.exe
4164	MsiExec.exe
1200	MsiExec.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral2/files/0x0003000000000733-176.dat	nsis_installer_2

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1736	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1736	msiexec.exe
Token: SeSecurityPrivilege	2664	msiexec.exe
Token: SeCreateTokenPrivilege	1736	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1736	msiexec.exe
Token: SeLockMemoryPrivilege	1736	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1736	msiexec.exe
Token: SeMachineAccountPrivilege	1736	msiexec.exe
Token: SeTcbPrivilege	1736	msiexec.exe
Token: SeSecurityPrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe
Token: SeLoadDriverPrivilege	1736	msiexec.exe
Token: SeSystemProfilePrivilege	1736	msiexec.exe
Token: SeSystemtimePrivilege	1736	msiexec.exe
Token: SeProfSingleProcessPrivilege	1736	msiexec.exe
Token: SeIncBasePriorityPrivilege	1736	msiexec.exe
Token: SeCreatePagefilePrivilege	1736	msiexec.exe
Token: SeCreatePermanentPrivilege	1736	msiexec.exe
Token: SeBackupPrivilege	1736	msiexec.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeShutdownPrivilege	1736	msiexec.exe
Token: SeDebugPrivilege	1736	msiexec.exe
Token: SeAuditPrivilege	1736	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1736	msiexec.exe
Token: SeChangeNotifyPrivilege	1736	msiexec.exe
Token: SeRemoteShutdownPrivilege	1736	msiexec.exe
Token: SeUndockPrivilege	1736	msiexec.exe
Token: SeSyncAgentPrivilege	1736	msiexec.exe
Token: SeEnableDelegationPrivilege	1736	msiexec.exe
Token: SeManageVolumePrivilege	1736	msiexec.exe
Token: SeImpersonatePrivilege	1736	msiexec.exe
Token: SeCreateGlobalPrivilege	1736	msiexec.exe
Token: SeCreateTokenPrivilege	1736	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1736	msiexec.exe
Token: SeLockMemoryPrivilege	1736	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1736	msiexec.exe
Token: SeMachineAccountPrivilege	1736	msiexec.exe
Token: SeTcbPrivilege	1736	msiexec.exe
Token: SeSecurityPrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe
Token: SeLoadDriverPrivilege	1736	msiexec.exe
Token: SeSystemProfilePrivilege	1736	msiexec.exe
Token: SeSystemtimePrivilege	1736	msiexec.exe
Token: SeProfSingleProcessPrivilege	1736	msiexec.exe
Token: SeIncBasePriorityPrivilege	1736	msiexec.exe
Token: SeCreatePagefilePrivilege	1736	msiexec.exe
Token: SeCreatePermanentPrivilege	1736	msiexec.exe
Token: SeBackupPrivilege	1736	msiexec.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeShutdownPrivilege	1736	msiexec.exe
Token: SeDebugPrivilege	1736	msiexec.exe
Token: SeAuditPrivilege	1736	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1736	msiexec.exe
Token: SeChangeNotifyPrivilege	1736	msiexec.exe
Token: SeRemoteShutdownPrivilege	1736	msiexec.exe
Token: SeUndockPrivilege	1736	msiexec.exe
Token: SeSyncAgentPrivilege	1736	msiexec.exe
Token: SeEnableDelegationPrivilege	1736	msiexec.exe
Token: SeManageVolumePrivilege	1736	msiexec.exe
Token: SeImpersonatePrivilege	1736	msiexec.exe
Token: SeCreateGlobalPrivilege	1736	msiexec.exe
Token: SeCreateTokenPrivilege	1736	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1736	msiexec.exe
Token: SeLockMemoryPrivilege	1736	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1736	msiexec.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4488	Dynatrace-OneAgent-Windows-1.261.201.exe
4488	Dynatrace-OneAgent-Windows-1.261.201.exe
4488	Dynatrace-OneAgent-Windows-1.261.201.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 1868	4488	Dynatrace-OneAgent-Windows-1.261.201.exe	87
PID 4488 wrote to memory of 1868	4488	Dynatrace-OneAgent-Windows-1.261.201.exe	87
PID 1868 wrote to memory of 1736	1868	cmd.exe	89
PID 1868 wrote to memory of 1736	1868	cmd.exe	89
PID 2664 wrote to memory of 4164	2664	msiexec.exe	96
PID 2664 wrote to memory of 4164	2664	msiexec.exe	96
PID 2664 wrote to memory of 4164	2664	msiexec.exe	96
PID 2664 wrote to memory of 1200	2664	msiexec.exe	97
PID 2664 wrote to memory of 1200	2664	msiexec.exe	97

C:\Users\Admin\AppData\Local\Temp\Dynatrace-OneAgent-Windows-1.261.201.exe
"C:\Users\Admin\AppData\Local\Temp\Dynatrace-OneAgent-Windows-1.261.201.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\install.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1868
- - C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /i "C:\Users\Admin\AppData\Local\Temp\Dynatrace-OneAgent-Windows-1.261.201.msi" /L*v "C:\Users\Admin\AppData\Local\Temp\installation_msiexec_20230331-210127.log" PRECONFIGURED_PARAMETERS="--set-server={https://sg-us-east-1-3-219-253-30-prd-91ba76b5-ae84-4252-93d5-717ec93c9.live.dynatrace.com/communication;https://sg-us-east-1-44-197-18-172-prd-91ba76b5-ae84-4252-93d5-717ec93c.live.dynatrace.com/communication;https://sg-us-east-1-52-86-225-129-prd-91ba76b5-ae84-4252-93d5-717ec93c.live.dynatrace.com/communication;https://wcj66953.live.dynatrace.com:443} --set-tenant=wcj66953 --set-tenant-token=H7n4tva4LvVpEynD" INTERNAL_LOG_PATH_FEEDBACK="C:\Users\Admin\AppData\Local\Temp\dynatrace_log_path_feedback.conf"
    3⤵
    - Blocklisted process makes network request
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:1736

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F0ACCDCAD536B279EAF9B9D1DCF99297 C
  2⤵
  - Loads dropped DLL
  PID:4164
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding F9D67CF7C94FDF27CE95836D56126C28 C
  2⤵
  - Loads dropped DLL
  PID:1200

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Dynatrace-OneAgent-Windows-1.261.201.msi

Filesize
544.0MB

MD5
b0debbdbf057248853a51ffe3f2b0091

SHA1
dc3fc19e5686010ea3dd276b5fdd8682de1fb2a5

SHA256
3e4d0b2b4bc1102e1bba8bafe94f038625ce5ea126d0de604664f25a2f6d70a2

SHA512
00fbf3e2ec66d6ffb19cb9d94785f5c3ef26c75dd24ce291ce65729dd4c6659f5a2947d06585803d65e06765af4bb5ce0b8fa494f148189b7bd1a89b2a47128f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI3940.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI3940.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI493F.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI493F.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4AB7.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4AB7.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4AB7.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4C10.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4C10.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI52E7.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI52E7.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI5895.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI5895.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI5961.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI5961.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI5D98.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI5D98.tmp

Filesize
557KB

MD5
db7612f0fd6408d664185cfc81bef0cb

SHA1
19a6334ec00365b4f4e57d387ed885b32aa7c9aa

SHA256
e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

SHA512
25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI5F4E.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI5F4E.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI5F4E.tmp

Filesize
4.0MB

MD5
01189e13910f1590cd75ff56c2d6dc1f

SHA1
179fb404fbd37e722742bdf4fbcfc76e7ce80af9

SHA256
c46747149fdb59cd44246cc2501c1a467ebfccb11c5e3d9c7da512d021893d6f

SHA512
5188ee3dbb560efb2307eedfd960a25691300eb12bc206c18243b34f5a89599eb471a3f77ec4d78ecbfbe527980854d063cef0ea5897d31c7ee6f1b8bc86f9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\dynatrace_extractor_20230331-210127.log

Filesize
559B

MD5
bf5bf9fa1a125a633f5eafa19a92d4fa

SHA1
400e7b7506d7601c2d7c059abf821899926cdf99

SHA256
adf0dec8e3a0debdf15eef5bf3f153ba84e6750b892ae467f4510257967f0f85

SHA512
ab283a1699122949f324d807e5d621f934563fc82e05b7dc6833ad3a3a13d1d241f91af7cabb84321306e003450ee672c1aa7865ef4879c9e04d996c43f5c9ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\dynatrace_extractor_20230331-210127.log

Filesize
1KB

MD5
8b9459b1007fc0d08d4443c5dcf250a2

SHA1
c5894b5a865ebee93b0bc8da77ba6bad43bab448

SHA256
8205318dfe49337b506b0747df331298f7afcfe509ae33b21a200ad13fe93c1b

SHA512
c8aec0e16cae41a34cc9b4f5d8b098dc583e78ff89536afe5b481c3cd9d3f62646c0884b0d1d8cfd5b4a572bc4e338e70a3d9951aaa40b9348e6940cca020fee

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.bat

Filesize
1KB

MD5
3e10ac99dcea1e1fa6aad37c652e1f39

SHA1
1b292722199f2cb553c7b89f331f13253caa3fd3

SHA256
1f08bab9c48c6ab7c9217484853551ac1b7b29fe18f333bd2cac727c37fe2ef7

SHA512
78012e9cc8399d2dd2cf301f56c99aaeba63d470d5389780f5aa942b9297f20f6db0528988620fe79cd57899a9820bb5e9bdef4f0a8964423783c7080f3b21b8

Download Submit