f9947c5763542b3119788923977153ff8ca807a2e535e6ab28fc42641983aabb

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
21/04/2023, 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9947c5763542b3119788923977153ff8ca807a2e535e6ab28fc42641983aabb.msi
Size

2.6MB
MD5

f1d3df6ea3509004b975337950e58f93
SHA1

4e725bf1f8fde9efbd8adc7ce4986caee58d074e
SHA256

f9947c5763542b3119788923977153ff8ca807a2e535e6ab28fc42641983aabb
SHA512

eb6eb1daa6d8119ba721cd8f345ab558c41910dc3151879566ec9164fecf37f364adca4d951a034becf7e7c61e19217044680d5160ff108a7dbf60fe402e4a28
SSDEEP

49152:ABRNlatz55q6jzoz//stPEqQpTIQW8MQ6M97ouRUbFFOV47S9gonUI0:gRNlap55qAczWgW9MxcFFOV42+r

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
2	1204	msiexec.exe
4	1204	msiexec.exe
6	1204	msiexec.exe

Downloads MZ/PE file

Executes dropped EXE 31 IoCs

pid	Process
1588	AteraAgent.exe
1720	AteraAgent.exe
2080	AgentPackageHeartbeat.exe
2560	AgentPackageSTRemote.exe
2344	AgentPackageTicketing.exe
2720	AgentPackageAgentInformation.exe
2832	AgentPackageADRemote.exe
2916	AgentPackageSystemTools.exe
2140	AgentPackageUpgradeAgent.exe
972	AgentPackageUpgradeAgent.exe
2536	AgentPackageInternalPoller.exe
1528	AgentPackageMonitoring.exe
2736	AgentPackageMarketplace.exe
2928	AgentPackageRuntimeInstaller.exe
2896	AgentPackageOsUpdates.exe
2404	AgentPackageProgramManagement.exe
2492	SplashtopStreamer.exe
2904	PreVerCheck.exe
3008	AgentPackageAgentInformation.exe
2768	AteraAgent.exe
2652	6-0-13.exe
2080	6-0-13.exe
1688	dotnet-runtime-6.0.13-win-x64.exe
2764	AteraAgent.exe
2364	AteraAgent.exe
2128	AgentPackageAgentInformation.exe
2708	AgentPackageMonitoring.exe
3056	AgentPackageAgentInformation.exe
1000	AgentPackageAgentInformation.exe
1932	dotnet.exe
2724	dotnet.exe

Loads dropped DLL 27 IoCs

pid	Process
1672	MsiExec.exe
1508	rundll32.exe
1508	rundll32.exe
1508	rundll32.exe
1508	rundll32.exe
1508	rundll32.exe
1672	MsiExec.exe
2388	MsiExec.exe
2564	rundll32.exe
2492	SplashtopStreamer.exe
2564	rundll32.exe
2564	rundll32.exe
2564	rundll32.exe
2564	rundll32.exe
2388	MsiExec.exe
2388	MsiExec.exe
2652	6-0-13.exe
2080	6-0-13.exe
2080	6-0-13.exe
2984	MsiExec.exe
2660	MsiExec.exe
908	msiexec.exe
908	msiexec.exe
2984	MsiExec.exe
2928	AgentPackageRuntimeInstaller.exe
1932	dotnet.exe
2724	dotnet.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce	dotnet-runtime-6.0.13-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ac916c06-1c22-495e-ae7e-b4e24fbbed14} = "\"C:\\ProgramData\\Package Cache\\{ac916c06-1c22-495e-ae7e-b4e24fbbed14}\\dotnet-runtime-6.0.13-win-x64.exe\" /burn.runonce"	dotnet-runtime-6.0.13-win-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	AgentPackageMonitoring.exe

Drops file in System32 directory 27 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	6-0-13.exe
File opened for modification	C:\Windows\system32\InstallUtil.InstallLog	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	AgentPackageTicketing.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	AgentPackageTicketing.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	AgentPackageTicketing.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	AteraAgent.exe
File opened for modification	C:\Windows\system32\InstallUtil.InstallLog	AteraAgent.exe
File opened for modification	C:\Windows\system32\InstallUtil.InstallLog	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	6-0-13.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	6-0-13.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Net.ServicePoint.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.ini	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Buffers.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebHeaderCollection.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.X509Certificates.dll	AteraAgent.exe
File opened for modification	C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe	AgentPackageUpgradeAgent.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Reflection.Metadata.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Diagnostics.TextWriterTraceListener.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.CompilerServices.Unsafe.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Drawing.Primitives.dll	AteraAgent.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\api-ms-win-core-localization-l1-2-0.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Reflection.Extensions.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\EO.WebBrowser.WinForm.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.RegularExpressions.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Timer.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Diagnostics.DiagnosticSource.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TextWriterTraceListener.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Primitives.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.dll	AteraAgent.exe
File created	C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip	AteraAgent.exe
File created	C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x86\SQLite.Interop.dll	AteraAgent.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Security.Cryptography.Primitives.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Memory.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Runtime.CompilerServices.Unsafe.dll	AteraAgent.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Net.WebProxy.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.IO.Compression.Brotli.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Runtime.Serialization.Json.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\StructureMap.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.DriveInfo.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Formatters.dll	AteraAgent.exe
File created	C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini	AteraAgent.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Threading.Tasks.Dataflow.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Runtime.Serialization.Xml.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Configuration.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\mscorrc.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTrayTMP.exe.config	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\System.Management.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Data.Common.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.FileVersionInfo.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Extensions.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Encoding.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallState	AgentPackageUpgradeAgent.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.ComponentModel.Annotations.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminderNotification.exe	AteraAgent.exe
File opened for modification	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\log.txt	AgentPackageInternalPoller.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.IO.UnmanagedMemoryStream.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Resources.Writer.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.ini	AteraAgent.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.ComponentModel.EventBasedAsync.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Xml.Serialization.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe.config	AgentPackageUpgradeAgent.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Diagnostics.StackTrace.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.ValueTuple.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.ModelsV3.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Runtime.CompilerServices.Unsafe.dll	AteraAgent.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\System.Diagnostics.Process.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.13\mscordaccore.dll	msiexec.exe
File opened for modification	C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Data-log.db	AgentPackageMonitoring.exe
File opened for modification	C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt	AteraAgent.exe

Drops file in Windows directory 53 IoCs

description	ioc	Process
File created	C:\Windows\Installer\6c6c2c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIADD9.tmp	msiexec.exe
File opened for modification	C:\Windows\WindowsUpdate.log	dotnet-runtime-6.0.13-win-x64.exe
File opened for modification	C:\Windows\Installer\MSI747D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6A11.tmp	msiexec.exe
File created	C:\Windows\Installer\6c6c48.msi	msiexec.exe
File created	C:\Windows\Installer\6c6c44.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF7CC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6A11.tmp-\CustomAction.config	rundll32.exe
File opened for modification	C:\Windows\Installer\6c6c41.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7A72.tmp	msiexec.exe
File created	C:\Windows\Installer\6c6c3f.msi	msiexec.exe
File created	C:\Windows\Installer\6c6c49.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFDC9.tmp	msiexec.exe
File created	C:\Windows\Installer\6c6c4d.msi	msiexec.exe
File created	C:\Windows\Installer\6c6c2f.msi	msiexec.exe
File created	C:\Windows\Installer\6c6c30.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6A11.tmp-\AlphaControlAgentInstallationDialog.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\6c6c44.msi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\WindowsUpdate.log	AgentPackageOsUpdates.exe
File opened for modification	C:\Windows\Installer\6c6c30.msi	msiexec.exe
File created	C:\Windows\Installer\6c6c46.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\6c6c4b.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6CE9.tmp-\CustomAction.config	rundll32.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\6c6c33.ipi	msiexec.exe
File created	C:\Windows\Installer\6c6c43.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF945.tmp	msiexec.exe
File created	C:\Windows\Installer\6c6c3e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6A11.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI74BD.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\6c6c49.msi	msiexec.exe
File created	C:\Windows\Installer\6c6c4b.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\6c6c33.ipi	msiexec.exe
File created	C:\Windows\Installer\6c6c3c.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEF72.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI6CE9.tmp-\AlphaControlAgentInstallationDialog.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIADF9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\6c6c2c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\6c6c3c.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\6c6c3f.msi	msiexec.exe
File created	C:\Windows\Installer\6c6c41.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID8.tmp	msiexec.exe
File created	C:\Windows\Installer\6c6c2d.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7A71.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID856.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\6c6c46.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6CE9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6CE9.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\6c6c2d.ipi	msiexec.exe

Launches sc.exe 2 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1728	sc.exe
2716	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 1 IoCs

evasion

pid	Process
2148	taskkill.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\32\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent"	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	AgentPackageInternalPoller.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	AgentPackageUpgradeAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	AgentPackageADRemote.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\RestartManager\Session0000\SessionHash = 5e9a02026c8c1721175480aa100e27b3e5dccf65008b501f96bacf0f63e96dbd	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	6-0-13.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	AgentPackageSTRemote.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	AgentPackageSystemTools.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	AgentPackageSystemTools.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	AgentPackageTicketing.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	AgentPackageSystemTools.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	AgentPackageMarketplace.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	AgentPackageSTRemote.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	AgentPackageSTRemote.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	AgentPackageUpgradeAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	SplashtopStreamer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	AgentPackageUpgradeAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	AgentPackageSTRemote.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	AgentPackageADRemote.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	AgentPackageInternalPoller.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	AgentPackageSTRemote.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	AgentPackageSTRemote.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	6-0-13.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	AgentPackageTicketing.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\RestartManager\Session0000	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	AgentPackageInternalPoller.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	AgentPackageProgramManagement.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	AgentPackageRuntimeInstaller.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	AgentPackageAgentInformation.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\25F46F8180ECF4345A1FA7A8935DE9AE	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C6A43DCFD81CE5B42A65ECB5EEC33844	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\PackageCode = "E16DED461D8D9AC4092FFCDE75D32EAA"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{ac916c06-1c22-495e-ae7e-b4e24fbbed14}\Dependents\{ac916c06-1c22-495e-ae7e-b4e24fbbed14}	dotnet-runtime-6.0.13-win-x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_runtime_48.55.52137_x64	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C6A43DCFD81CE5B42A65ECB5EEC33844\PackageCode = "23975F3E8643D1E4FA5950D6B096AE40"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C6A43DCFD81CE5B42A65ECB5EEC33844\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\600BD0F53EA263D408775642F76D784D\MainFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\DeploymentFlags = "3"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C6A43DCFD81CE5B42A65ECB5EEC33844\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.55.52137_x64	dotnet-runtime-6.0.13-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\ProductName = "AteraAgent"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C6A43DCFD81CE5B42A65ECB5EEC33844	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\ProductName = "Microsoft .NET Runtime - 6.0.13 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E1061159FF212794FBC992292FACA523\Provider	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\Assignment = "1"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\79434ABCE9E7E284E9AA26F75095FF38	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{ac916c06-1c22-495e-ae7e-b4e24fbbed14}\Dependents	dotnet-runtime-6.0.13-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DF94EABFBF456B47F477CDE6962FE1CF	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C3ECADC8460071A40AC2948F135D7FA3\MainFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{5F0DB006-2AE3-4D36-8077-65247FD687D4}v48.55.52137\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{8CDACE3C-0064-4A17-A02C-49F831D5F73A}v48.55.52137\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\DisplayName = "Microsoft .NET Host - 6.0.13 (x64)"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C6A43DCFD81CE5B42A65ECB5EEC33844\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\094F9C7997352096B7082D27C35AD959	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C6A43DCFD81CE5B42A65ECB5EEC33844\SourceList\PackageName = "ateraAgentSetup64_1_8_3_7.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\600BD0F53EA263D408775642F76D784D\Provider	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_48.55.52137_x64\DisplayName = "Microsoft .NET Runtime - 6.0.13 (x64)"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\600BD0F53EA263D408775642F76D784D\PackageCode = "6583A622D1F67E64B836884A1D3E6C78"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_runtime_48.55.52137_x64	dotnet-runtime-6.0.13-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E1061159FF212794FBC992292FACA523\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{9511601E-12FF-4972-BF9C-2992F2CA5A32}v48.55.52137\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\25F46F8180ECF4345A1FA7A8935DE9AE\79434ABCE9E7E284E9AA26F75095FF38	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C6A43DCFD81CE5B42A65ECB5EEC33844\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C3ECADC8460071A40AC2948F135D7FA3\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_48.55.52137_x64\Version = "48.55.52137"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_48.55.52137_x64\ = "{5F0DB006-2AE3-4D36-8077-65247FD687D4}"	msiexec.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	AteraAgent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	AteraAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	AgentPackageSTRemote.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	AgentPackageSTRemote.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	AteraAgent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	AteraAgent.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
908	msiexec.exe
908	msiexec.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
1720	AteraAgent.exe
2344	AgentPackageTicketing.exe
2536	AgentPackageInternalPoller.exe
972	AgentPackageUpgradeAgent.exe
1528	AgentPackageMonitoring.exe
2560	AgentPackageSTRemote.exe
972	AgentPackageUpgradeAgent.exe
972	AgentPackageUpgradeAgent.exe
908	msiexec.exe
908	msiexec.exe
908	msiexec.exe
908	msiexec.exe
908	msiexec.exe
908	msiexec.exe
908	msiexec.exe
908	msiexec.exe
908	msiexec.exe
908	msiexec.exe
908	msiexec.exe
908	msiexec.exe
2928	AgentPackageRuntimeInstaller.exe
2364	AteraAgent.exe
908	msiexec.exe
908	msiexec.exe
2364	AteraAgent.exe
908	msiexec.exe
908	msiexec.exe
908	msiexec.exe
908	msiexec.exe
2364	AteraAgent.exe
2364	AteraAgent.exe
2364	AteraAgent.exe
2364	AteraAgent.exe
2364	AteraAgent.exe
2364	AteraAgent.exe
2364	AteraAgent.exe
2364	AteraAgent.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
460	Process not Found
460	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1204	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1204	msiexec.exe
Token: SeRestorePrivilege	908	msiexec.exe
Token: SeTakeOwnershipPrivilege	908	msiexec.exe
Token: SeSecurityPrivilege	908	msiexec.exe
Token: SeCreateTokenPrivilege	1204	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1204	msiexec.exe
Token: SeLockMemoryPrivilege	1204	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1204	msiexec.exe
Token: SeMachineAccountPrivilege	1204	msiexec.exe
Token: SeTcbPrivilege	1204	msiexec.exe
Token: SeSecurityPrivilege	1204	msiexec.exe
Token: SeTakeOwnershipPrivilege	1204	msiexec.exe
Token: SeLoadDriverPrivilege	1204	msiexec.exe
Token: SeSystemProfilePrivilege	1204	msiexec.exe
Token: SeSystemtimePrivilege	1204	msiexec.exe
Token: SeProfSingleProcessPrivilege	1204	msiexec.exe
Token: SeIncBasePriorityPrivilege	1204	msiexec.exe
Token: SeCreatePagefilePrivilege	1204	msiexec.exe
Token: SeCreatePermanentPrivilege	1204	msiexec.exe
Token: SeBackupPrivilege	1204	msiexec.exe
Token: SeRestorePrivilege	1204	msiexec.exe
Token: SeShutdownPrivilege	1204	msiexec.exe
Token: SeDebugPrivilege	1204	msiexec.exe
Token: SeAuditPrivilege	1204	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1204	msiexec.exe
Token: SeChangeNotifyPrivilege	1204	msiexec.exe
Token: SeRemoteShutdownPrivilege	1204	msiexec.exe
Token: SeUndockPrivilege	1204	msiexec.exe
Token: SeSyncAgentPrivilege	1204	msiexec.exe
Token: SeEnableDelegationPrivilege	1204	msiexec.exe
Token: SeManageVolumePrivilege	1204	msiexec.exe
Token: SeImpersonatePrivilege	1204	msiexec.exe
Token: SeCreateGlobalPrivilege	1204	msiexec.exe
Token: SeBackupPrivilege	112	vssvc.exe
Token: SeRestorePrivilege	112	vssvc.exe
Token: SeAuditPrivilege	112	vssvc.exe
Token: SeBackupPrivilege	908	msiexec.exe
Token: SeRestorePrivilege	908	msiexec.exe
Token: SeRestorePrivilege	1932	DrvInst.exe
Token: SeRestorePrivilege	1932	DrvInst.exe
Token: SeRestorePrivilege	1932	DrvInst.exe
Token: SeRestorePrivilege	1932	DrvInst.exe
Token: SeRestorePrivilege	1932	DrvInst.exe
Token: SeRestorePrivilege	1932	DrvInst.exe
Token: SeRestorePrivilege	1932	DrvInst.exe
Token: SeLoadDriverPrivilege	1932	DrvInst.exe
Token: SeLoadDriverPrivilege	1932	DrvInst.exe
Token: SeLoadDriverPrivilege	1932	DrvInst.exe
Token: SeRestorePrivilege	908	msiexec.exe
Token: SeTakeOwnershipPrivilege	908	msiexec.exe
Token: SeRestorePrivilege	908	msiexec.exe
Token: SeTakeOwnershipPrivilege	908	msiexec.exe
Token: SeRestorePrivilege	908	msiexec.exe
Token: SeTakeOwnershipPrivilege	908	msiexec.exe
Token: SeRestorePrivilege	908	msiexec.exe
Token: SeTakeOwnershipPrivilege	908	msiexec.exe
Token: SeRestorePrivilege	908	msiexec.exe
Token: SeTakeOwnershipPrivilege	908	msiexec.exe
Token: SeRestorePrivilege	908	msiexec.exe
Token: SeTakeOwnershipPrivilege	908	msiexec.exe
Token: SeRestorePrivilege	908	msiexec.exe
Token: SeTakeOwnershipPrivilege	908	msiexec.exe
Token: SeRestorePrivilege	908	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1204	msiexec.exe
1204	msiexec.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2492	SplashtopStreamer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 1672	908	msiexec.exe	32
PID 908 wrote to memory of 1672	908	msiexec.exe	32
PID 908 wrote to memory of 1672	908	msiexec.exe	32
PID 908 wrote to memory of 1672	908	msiexec.exe	32
PID 908 wrote to memory of 1672	908	msiexec.exe	32
PID 908 wrote to memory of 1672	908	msiexec.exe	32
PID 908 wrote to memory of 1672	908	msiexec.exe	32
PID 1672 wrote to memory of 1508	1672	MsiExec.exe	33
PID 1672 wrote to memory of 1508	1672	MsiExec.exe	33
PID 1672 wrote to memory of 1508	1672	MsiExec.exe	33
PID 1672 wrote to memory of 1508	1672	MsiExec.exe	33
PID 1672 wrote to memory of 1508	1672	MsiExec.exe	33
PID 1672 wrote to memory of 1508	1672	MsiExec.exe	33
PID 1672 wrote to memory of 1508	1672	MsiExec.exe	33
PID 908 wrote to memory of 1588	908	msiexec.exe	34
PID 908 wrote to memory of 1588	908	msiexec.exe	34
PID 908 wrote to memory of 1588	908	msiexec.exe	34
PID 1720 wrote to memory of 1728	1720	AteraAgent.exe	36
PID 1720 wrote to memory of 1728	1720	AteraAgent.exe	36
PID 1720 wrote to memory of 1728	1720	AteraAgent.exe	36
PID 1720 wrote to memory of 2080	1720	AteraAgent.exe	45
PID 1720 wrote to memory of 2080	1720	AteraAgent.exe	45
PID 1720 wrote to memory of 2080	1720	AteraAgent.exe	45
PID 1720 wrote to memory of 2560	1720	AteraAgent.exe	42
PID 1720 wrote to memory of 2560	1720	AteraAgent.exe	42
PID 1720 wrote to memory of 2560	1720	AteraAgent.exe	42
PID 1720 wrote to memory of 2344	1720	AteraAgent.exe	41
PID 1720 wrote to memory of 2344	1720	AteraAgent.exe	41
PID 1720 wrote to memory of 2344	1720	AteraAgent.exe	41
PID 1720 wrote to memory of 2720	1720	AteraAgent.exe	44
PID 1720 wrote to memory of 2720	1720	AteraAgent.exe	44
PID 1720 wrote to memory of 2720	1720	AteraAgent.exe	44
PID 1720 wrote to memory of 2832	1720	AteraAgent.exe	47
PID 1720 wrote to memory of 2832	1720	AteraAgent.exe	47
PID 1720 wrote to memory of 2832	1720	AteraAgent.exe	47
PID 1720 wrote to memory of 2916	1720	AteraAgent.exe	50
PID 1720 wrote to memory of 2916	1720	AteraAgent.exe	50
PID 1720 wrote to memory of 2916	1720	AteraAgent.exe	50
PID 1720 wrote to memory of 2140	1720	AteraAgent.exe	51
PID 1720 wrote to memory of 2140	1720	AteraAgent.exe	51
PID 1720 wrote to memory of 2140	1720	AteraAgent.exe	51
PID 2140 wrote to memory of 972	2140	AgentPackageUpgradeAgent.exe	53
PID 2140 wrote to memory of 972	2140	AgentPackageUpgradeAgent.exe	53
PID 2140 wrote to memory of 972	2140	AgentPackageUpgradeAgent.exe	53
PID 1720 wrote to memory of 2536	1720	AteraAgent.exe	55
PID 1720 wrote to memory of 2536	1720	AteraAgent.exe	55
PID 1720 wrote to memory of 2536	1720	AteraAgent.exe	55
PID 1720 wrote to memory of 1528	1720	AteraAgent.exe	57
PID 1720 wrote to memory of 1528	1720	AteraAgent.exe	57
PID 1720 wrote to memory of 1528	1720	AteraAgent.exe	57
PID 1720 wrote to memory of 2736	1720	AteraAgent.exe	59
PID 1720 wrote to memory of 2736	1720	AteraAgent.exe	59
PID 1720 wrote to memory of 2736	1720	AteraAgent.exe	59
PID 1720 wrote to memory of 2928	1720	AteraAgent.exe	61
PID 1720 wrote to memory of 2928	1720	AteraAgent.exe	61
PID 1720 wrote to memory of 2928	1720	AteraAgent.exe	61
PID 1720 wrote to memory of 2896	1720	AteraAgent.exe	62
PID 1720 wrote to memory of 2896	1720	AteraAgent.exe	62
PID 1720 wrote to memory of 2896	1720	AteraAgent.exe	62
PID 1720 wrote to memory of 2404	1720	AteraAgent.exe	65
PID 1720 wrote to memory of 2404	1720	AteraAgent.exe	65
PID 1720 wrote to memory of 2404	1720	AteraAgent.exe	65
PID 2720 wrote to memory of 2528	2720	AgentPackageAgentInformation.exe	67
PID 2720 wrote to memory of 2528	2720	AgentPackageAgentInformation.exe	67

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\f9947c5763542b3119788923977153ff8ca807a2e535e6ab28fc42641983aabb.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1204

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:908
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 05B6DB5932D90312F181207403DEDC0E
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1672
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSI6CE9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7106110 1 AlphaControlAgentInstallationDialog!AlphaControlAgentInstallationDialog.CustomActions.ShouldContinueInstallation
    3⤵
    - Loads dropped DLL
    - Drops file in Windows directory
    PID:1508
- C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="0013z00002xN5FwAAK"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Modifies data under HKEY_USERS
  PID:1588
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4DB363498115A81786CFF5CE2771295E M Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:2388
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSI6A11.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7170897 10 AlphaControlAgentInstallationDialog!AlphaControlAgentInstallationDialog.CustomActions.ShouldContinueInstallation
    3⤵
    - Loads dropped DLL
    - Drops file in Windows directory
    PID:2564
- C:\Windows\system32\NET.exe
  NET STOP AteraAgent
  2⤵
  PID:2372
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 STOP AteraAgent
    3⤵
    PID:1272
- C:\Windows\system32\taskkill.exe
  taskkill /f /im AteraAgent.exe
  2⤵
  - Kills process with taskkill
  PID:2148
- C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:2768
- C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
  "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId=""
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:2764
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4638E9C2108139520E9FD486272987A1 M Global\MSI0000
  2⤵
  PID:2984
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BAD985731C473D6A1048730E5EE71485 M Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:2660
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 86A7C8A053345FB59933CE159DBB2291 M Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:2984

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:112

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000068" "00000000000005B4"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1932

C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\System32\sc.exe
  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
  2⤵
  - Launches sc.exe
  PID:1728
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "02dee9bf-48d7-45bf-b8d1-0347f15de7ef" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "05872a3a-84f4-4622-8f74-244b00d66b0c" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded"
  2⤵
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- - C:\Windows\TEMP\SplashtopStreamer.exe
    "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies data under HKEY_USERS
    - Suspicious use of SetWindowsHookEx
    PID:2492
  - - C:\Windows\Temp\unpack\PreVerCheck.exe
      "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
      4⤵
      Executes dropped EXE
      PID:2904
    - - C:\Windows\SysWOW64\msiexec.exe
        
        msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
        5⤵
        
        PID:2384
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "bd8373e7-1259-4fb4-8f6d-b8106390e3ba" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office14\ospp.vbs" /dstatus
    3⤵
    PID:2528
  - - C:\Windows\system32\cscript.exe
      cscript "C:\Program Files (x86)\Microsoft Office\Office14\ospp.vbs" /dstatus
      4⤵
      PID:2004
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "0ca41803-aab1-404e-a224-9d84b5236298" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat"
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "54206896-1d34-431c-894d-359597f775ed" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjpudWxsfQ=="
  2⤵
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  PID:2832
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "cd9447e7-21e1-4ab8-873c-5cd8964d0580" agent-api.atera.com/Production 443 or8ixLi90Mf "probe"
  2⤵
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  PID:2916
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "60306b9e-f1e1-4cdf-b7d1-e5f07b35b041" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2140
- - C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
    "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "ad34f7af-4a7c-4ce8-a5c7-f668ef15280c" "60306b9e-f1e1-4cdf-b7d1-e5f07b35b041" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    PID:972
  - - C:\Windows\system32\msiexec.exe
      "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_3_7.msi /lv* AteraSetupLog.txt /qn /norestart
      4⤵
      PID:2468
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "d980ec73-5d00-46e6-9554-2b4ea93d0315" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:2536
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "676d7bbd-ec23-46d9-96a2-0da2f40597cf" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor"
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:1528
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "e6555f42-a40e-49f8-b8e5-24cd99d72c4e" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision"
  2⤵
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  PID:2736
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "d1541e36-c954-442c-8790-7de1ee3557b2" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiNi4wLjEzIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2FhM2IzMTUwLTgwY2ItNGQzMC04N2Y4LWRjMzZmYTFkY2YyNi84ZWM5ZmY2ODM2ODI4MTc1ZjFhNmE2MGFlZmQ0ZTYzYi9kb3RuZXQtcnVudGltZS02LjAuMTMtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8yZWYxMjM1Ny00OTliLTRhNWItYTQ4OC1kYTQ1YTVmMzEwZTYvZmJlMzVjMzU0YmZiNTA5MzRhOTc2ZmM5MWM2ZDhkODEvZG90bmV0LXJ1bnRpbWUtNi4wLjEzLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzVmZTE3M2VhLTRjNTgtNGE4ZC1iOGU1LTVjN2VhN2M1OTAxMS9hMTkzNmUxMjM5ZTU5ZGM0ZGY1OGExYmMzZGI1MjdjMy9kb3RuZXQtcnVudGltZS02LjAuMTMtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci80MzZiY2U2YS1mM2U3LTQ0OGUtOTI3OS1kNThmMWUzOWFiOGEvOWY1YzdlZDM3NzI5NGNjOGUwMjhlOTAwNTQwNjMyZDUvZG90bmV0LXJ1bnRpbWUtNi4wLjEzLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzVmMDk1Y2JiLWFmNmMtNGQyMC05MDlkLTg3ZGI1Mzg3OTM3MC9kNGM2ZjM4MGE5YTY4ZmM4NTNiZDg5MTE4OWYzYzk3NS9kb3RuZXQtcnVudGltZS02LjAuMTMtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6IlM1WTRyU0syVmtpbWcyd01pSEVGZUI2N2U5YTBIZG9ocE13TkZ1TEVJTGpXaVNQVnpYXHUwMDJCSjNPUFJ5aUVZQmlmdkZcdTAwMkI0bnN4aTVcdTAwMkJzSG4wMGN0cU13UTZBPT0iLCJNYWNYNjRDaGVja3N1bSI6IjRqSVl1dGhzTDU4dnV0cWlkZHNGMk1pQ3NcdTAwMkJBRTBUN2FWMVgwXHUwMDJCMk1FWFNSQ0xXdGdqM0x0MklldmVxZ2l1UUVsU2VxNVF1TGJybkRjSHBRbEVpd0N3QT09IiwiV2luQVJNQ2hlY2tzdW0iOiJkLzBlWkR4L0VTSE92dUM1RURKdU4yOTFqckllYnVKTXdjdUxsV2RLOGp0Ym1kbVNYUGNhVzBpOFx1MDAyQk9kdGJwcC9SaG9TMXk3SC9mOVlTTWd6aFVPY3NBPT0iLCJXaW5YNjRDaGVja3N1bSI6InNQdmlCM3VQQVpXRG53YVZoM3YwVEpjYWRUMmNLa0d0MXVNQUM5YzBwTXNNYnduZ01IUkN3ZmxjZTlxUWNjSzJNXHUwMDJCb1BSM2t6NVpNZmh1MlA1SmdvVWc9PSIsIldpblg4NkNoZWNrc3VtIjoicTE2UjdyUzZpcjR3RW1YMTZIQVJhUThtWDByNDNhek9IODZKOXpISkNpVzlmWklhS2VYL1hvbUJrQ2xocXZxSzhIeDVuNTA2R0k4MTBPakRmbG50Y3c9PSIsIldvcmtzcGFjZUlkIjoiYmYwY2U0OWQtNzdjZi00NzIxLWJmNzAtNTc2ODYzODNjOWFiIiwiTG9nTmFtZSI6IkRvdE5ldFJ1bnRpbWVJbnN0YWxsYXRpb25SZXBvcnQiLCJTaGFyZWRLZXkiOiJqVUlTL1Q5Q1JWRGVLeFlnNFVyM2FDaGhXUXVjWTdQVnZ3ZzB6SHVxSnNjclRqalEyTHdLNlVqZnU3Y0EyTnByQVIwci9TUkFYSllZbGRQS0tGeUtLUT09In0="
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- - C:\Windows\system32\cmd.exe
    "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
    3⤵
    PID:2968
- - C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\6-0-13.exe
    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\6-0-13.exe" /repair /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2652
  - - C:\Windows\Temp\{51939976-D1A3-44B8-944D-51A4D51882E9}\.cr\6-0-13.exe
      "C:\Windows\Temp\{51939976-D1A3-44B8-944D-51A4D51882E9}\.cr\6-0-13.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\6-0-13.exe" -burn.filehandle.attached=188 -burn.filehandle.self=196 /repair /quiet /norestart
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Modifies data under HKEY_USERS
      PID:2080
    - - C:\Windows\Temp\{D75D9687-4F47-4803-B1FC-BD859538E466}\.be\dotnet-runtime-6.0.13-win-x64.exe
        
        "C:\Windows\Temp\{D75D9687-4F47-4803-B1FC-BD859538E466}\.be\dotnet-runtime-6.0.13-win-x64.exe" -q -burn.elevated BurnPipe.{1B92AD90-A9D6-453B-85E9-FE5FCB226C09} {2147A206-15D5-4696-8799-D98AB86186C9} 2080
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        Modifies registry class
        
        PID:1688
- - C:\Windows\system32\cmd.exe
    "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
    3⤵
    PID:2444
- - C:\Program Files\dotnet\dotnet.exe
    "C:\Program Files\dotnet\dotnet" --list-runtimes
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1932
- - C:\Windows\system32\cmd.exe
    "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
    3⤵
    PID:2216
- - C:\Program Files\dotnet\dotnet.exe
    "C:\Program Files\dotnet\dotnet" --list-runtimes
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2724
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "5382552c-b98c-43b6-b6fc-f7ec6578d862" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  PID:2896
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "12b9fa1b-3fd2-4384-aebf-98e921076720" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps"
  2⤵
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  PID:2404
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "42b009c9-2179-4cd5-9056-6ff590b025ab" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification"
  2⤵
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  PID:3008

C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
"C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:2364
- C:\Windows\System32\sc.exe
  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
  2⤵
  - Launches sc.exe
  PID:2716
- C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "26cd403d-470d-48e6-be28-ead74cc6832e" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification"
  2⤵
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  PID:2128
- C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "abc9a21f-978f-40da-b63b-c6e85ec96cb2" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies data under HKEY_USERS
  PID:2708
- C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "16869c78-7c0f-497e-b3d5-cc903fcb0b61" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui"
  2⤵
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  PID:3056
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office14\ospp.vbs" /dstatus
    3⤵
    PID:2884
  - - C:\Windows\system32\cscript.exe
      cscript "C:\Program Files (x86)\Microsoft Office\Office14\ospp.vbs" /dstatus
      4⤵
      PID:2784
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office14\ospp.vbs" /dstatus
    3⤵
    PID:2428
  - - C:\Windows\system32\cscript.exe
      cscript "C:\Program Files (x86)\Microsoft Office\Office14\ospp.vbs" /dstatus
      4⤵
      PID:772
- C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ad34f7af-4a7c-4ce8-a5c7-f668ef15280c "bac6cc16-cc98-47ad-bbe8-ac0ae0f79a7f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification"
  2⤵
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  PID:1000

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\6c6c2e.rbs

Filesize
8KB

MD5
c9f38980f073e9afaf5148e49259eecd

SHA1
41dbb5a2643c3c1d72be1fc7cba5d06169845267

SHA256
488a1d2eb65d5eaca24360eac30b2a65d74b46f095176fb4937bd967d3527a72

SHA512
e25a30090e411ed711084d5611a76ab25f379c47c8adc6d098897055e6dee74d3eb996ab83c8ccaa27dbe1dabc584cc3b3dbbb33e7a30778dbfe0dce077e20d6

Download Submit
C:\Config.Msi\6c6c34.rbs

Filesize
9KB

MD5
20ebf11ecda55f2f75ffaa73656567bd

SHA1
b66b04e65e7179cb99e8ecae0efd329a73aa2eea

SHA256
d492406118c803a23cd1cfc2a9368ea729d43a6df821e5f7ea1c1d759db67286

SHA512
0f75f368dfa93d4aa0a316821c3593614d2704cac922f3fc613fc365e868822fb4bef23f93062e67ebf9a6f9798081fff0d3398aa7d0def98290b6df84d51e59

Download Submit
C:\Config.Msi\6c6c3d.rbs

Filesize
7KB

MD5
9e08cfc0188bd8992b3f5c4304a38a5f

SHA1
5291d9a7ef44cecb9cb2290551e0a9d2cbaa7cdf

SHA256
3c27512e96cc4ec80f3d1ee25f46e50c8a6db3ec9e56d03079f3b11faf9211bf

SHA512
4bd8c2ec1f15927edef69fe4df8fcb99cddab2d6d5a7302b2421a3194da6007373a4a0cbe5969a9db8dc945501240394b961029a7fa59134306cdad061e83a6d

Download Submit
C:\Config.Msi\6c6c42.rbs

Filesize
55KB

MD5
3c7e4b3bcdf58dd5d4b3e82e0a2ae82d

SHA1
f90ef41e9e1c84525df2d916a700323894c120c1

SHA256
3fec5f4936fea5c6e8e4867a4266cb29e36a9a2c889155ec54189777528bf122

SHA512
3cc8154a4b46b3d24e58fc8c4176fb421bce8052b2133e923957fa89c4a848c1604b76ed000ee61cfa22fd42afe081869194c14afd98bd4a77380c5841da04fc

Download Submit
C:\Config.Msi\6c6c47.rbs

Filesize
8KB

MD5
6634a3e7fdedecb5b7e139426704de45

SHA1
7347ad5168391c23abb147c053ba5588fe9df909

SHA256
8521f8c5439a1123514949302e89485c6b4868a2664322bf8d4d296caeee7219

SHA512
1cc57931fd7c3072ba539184ac48878707e53a8665f2768922db1d04e4f2254405efafd1f12bf83bee207c04b36fb4757554962c0b45d9cf253973fa2c45b165

Download Submit
C:\Config.Msi\6c6c4c.rbs

Filesize
9KB

MD5
f9f49a50d4aeb0d081f176e6ad105561

SHA1
3c56e4551ede6e29cc728c340b9f8391727acb96

SHA256
67af55d84053db933bce54043c5bffc311a9bf57086ff95293aff58fd1251fad

SHA512
89bda10889097d4bccfd49982b73b8bd7338a96535884b900c99990dff95079e25e92e52c2ee3300c53c7c2a0490f3a3f42519a13b4325c6b6d3bb9c7fb9e1b5

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog

Filesize
753B

MD5
8298451e4dee214334dd2e22b8996bdc

SHA1
bc429029cc6b42c59c417773ea5df8ae54dbb971

SHA256
6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

SHA512
cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog

Filesize
1KB

MD5
3840b31c383fdf49bfd6740d945c9032

SHA1
a6f50164a69718bcef4664d7c47534f0d721866a

SHA256
1f119f4fda8028b420e70ee1637c65e2b4198b41eb3eb44d911afa6f1a0bbc64

SHA512
f5315421d4bc5f08fef4e1449e5799ddf311f08eda317a9eaad8c88c2e7b7c26182bd586c0221ffe5f4112e5d6e05f5d45d2d0382b0ed51ca25aa94d4d95a84d

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Filesize
138KB

MD5
8dd350bb44e45c0b89d0c2cea8e1fd9f

SHA1
298ccacd3f218f8d98709a43df09acc82178cbf2

SHA256
127fde9b3c238f66232d0f0db1d3ff62d2c46d16f50aa92073d26977f36f463a

SHA512
ec8c638a8c616c7fa7989585cd5c577c3bff88801789c5b975e016ec888c0d2a1d3f492d12bbb3618ee93c79c80dc1f666ed9e21ffe595dd7b2f3c9f601e03c0

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Filesize
138KB

MD5
8dd350bb44e45c0b89d0c2cea8e1fd9f

SHA1
298ccacd3f218f8d98709a43df09acc82178cbf2

SHA256
127fde9b3c238f66232d0f0db1d3ff62d2c46d16f50aa92073d26977f36f463a

SHA512
ec8c638a8c616c7fa7989585cd5c577c3bff88801789c5b975e016ec888c0d2a1d3f492d12bbb3618ee93c79c80dc1f666ed9e21ffe595dd7b2f3c9f601e03c0

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Filesize
138KB

MD5
8dd350bb44e45c0b89d0c2cea8e1fd9f

SHA1
298ccacd3f218f8d98709a43df09acc82178cbf2

SHA256
127fde9b3c238f66232d0f0db1d3ff62d2c46d16f50aa92073d26977f36f463a

SHA512
ec8c638a8c616c7fa7989585cd5c577c3bff88801789c5b975e016ec888c0d2a1d3f492d12bbb3618ee93c79c80dc1f666ed9e21ffe595dd7b2f3c9f601e03c0

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config

Filesize
1KB

MD5
b3bb71f9bb4de4236c26578a8fae2dcd

SHA1
1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

SHA256
e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

SHA512
fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll

Filesize
209KB

MD5
b322ca965d1571b468b8c49d387d7f84

SHA1
cc1c2fd52c081e36c2b01f05fb2995d0807fcb19

SHA256
e45af7598efae14255851cf7d23c669af1a0e89fffa64e4e12c59960542ad0da

SHA512
50cfb1240491efe00760c37150f2f8a7dc6769f58fbeccc811eea9574917f383c510af3bce181efe7515e417fc211314aad48326a296f6c1093ca23ff76c9318

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll

Filesize
693KB

MD5
fdde119bd5c37341879e1bd1bfce033a

SHA1
e7228d4dd8a2a0fa7d60f50f68e32560932c3a6a

SHA256
9a7f775a3d2569ee6a830a7814f1b6068613153b14bc5515ea7644dd51e5972e

SHA512
8f91ae407ae1998d86e2edadf9b871e31f8b46b24f7285d17e6f221c33ed19623cbb16f4b73f94dde860dd47ad122f38cba7f5810350b049f79d89c417f53ab8

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.INI

Filesize
11B

MD5
3cdfd5df6e00dc0b92545ad224c3b830

SHA1
ce0b546c4444f4459994d48a73bae1e81c34100b

SHA256
94b3763fc3a5b1cf09cd6c28d8dce25fbf584268793395c161966104aa8c2d9c

SHA512
4fd44991f30acde7e2260e67967bd4ad33df075b59467a94684d130bfbc5e8998a42b6b74638006836c19b2210fa1675f23f3e79708f097dfaa8ce93e4c69258

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe

Filesize
39KB

MD5
6ccbda9d45af2fa76ced1be2fea3ca24

SHA1
f1bb857e19d7b5caf0e91629050f828a62881bed

SHA256
bcc3126921cd6337cb94f352fda84e4ac9bff629b526523cdeaed82cf0e30cfa

SHA512
cbbb85451d50c1167e48276771e109d7abe1efc0b9d7a4b02ea5e5a84251b8112c52c13f3b9aaee6ba637950c314e30c9e92877100aa68560661356f01ab4047

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe

Filesize
39KB

MD5
6ccbda9d45af2fa76ced1be2fea3ca24

SHA1
f1bb857e19d7b5caf0e91629050f828a62881bed

SHA256
bcc3126921cd6337cb94f352fda84e4ac9bff629b526523cdeaed82cf0e30cfa

SHA512
cbbb85451d50c1167e48276771e109d7abe1efc0b9d7a4b02ea5e5a84251b8112c52c13f3b9aaee6ba637950c314e30c9e92877100aa68560661356f01ab4047

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe

Filesize
39KB

MD5
6ccbda9d45af2fa76ced1be2fea3ca24

SHA1
f1bb857e19d7b5caf0e91629050f828a62881bed

SHA256
bcc3126921cd6337cb94f352fda84e4ac9bff629b526523cdeaed82cf0e30cfa

SHA512
cbbb85451d50c1167e48276771e109d7abe1efc0b9d7a4b02ea5e5a84251b8112c52c13f3b9aaee6ba637950c314e30c9e92877100aa68560661356f01ab4047

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe.config

Filesize
1KB

MD5
200b9c5450a1640157e06de09698a485

SHA1
fd8cbe606fff687c4c4aa807f2ea22b73f353ad0

SHA256
e6505d2e060926a7e7e7ed3e2d66b974ec15576719d18177e2aa9e540d4acd9f

SHA512
b88b11a7bc0bba669263bf25a8ccd9cbde71a4196e59b35c4e4cd26deed6f18ff00452d585c6d1ec4986d92f6d51c9b94c0cfcc577acdbe6ae94fe2475b6ba51

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll

Filesize
88KB

MD5
c80f80d9442354c8c5f6160e804ba8ea

SHA1
e656968323a33f3df47a5bb4593d6c131d1fea57

SHA256
fcb0089ed619319476e22bffcac04740f98d845cf7ef58ff04e3482781d4ac83

SHA512
9697cbeb2fad8acc7def44e7cb4ba60696618a6cd10f9ab47f0f230d2f3dfcaa6caf63a4e211cf1adad9cae0a1000a0028814709ee074b2bea0db5a76b3986c2

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.ModelsV3.dll

Filesize
55KB

MD5
417e8f266515178340863765edc06087

SHA1
c061765f28fbb649e09c1bba5549c0a38dc2e77e

SHA256
9a966f8b45faad9cda949fc4a1b250cdcd8c504082db02981f1c56d6bb7870f1

SHA512
e5544873e098b46eb312d4bc25e5c331778f7857347a2a5a858b0791eff0ffbd098d846b922835cd4caea0b4974ba7d5a5d873e8bb3841ab3e7ddbf740a12661

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\StructureMap.dll

Filesize
274KB

MD5
f67919a4bee5d90c6813f18a75064bc0

SHA1
efb353fc85ef4fefdea2e3d68aade72c1f868517

SHA256
e7a1b8e90f181c93a3fe1d277d43e57f979246a98a1ae9ee988858cffd6cb372

SHA512
a570c88427838ee62d111ded600ea71e5a3ae4b37c90b716d4134f7d88dc4f33fcb5405a36158a46c207e77c0bf027451598b141ccef21ccfdabb1621c1f2275

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI

Filesize
12B

MD5
3eaa2ad2e4281887fb4b32b62bfa45fd

SHA1
5dfba9c4e6933c7e4418291da07da6b752e98bae

SHA256
4eb38123404984b2511e3ec2dc2af2e76ac1c85a87f0a4f45dba1b64ccdcb1b6

SHA512
b1f92223ab6c1c35ed6f092a06f2db47eed48a0eb62c104cf5df78935b4ba3edd4a8bba54e185a2ddb5eacf9f1fc7774ae86c8bb9d0076c90581f4b6ba27a315

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

Filesize
161KB

MD5
00a36b03209e75fa4adaa9ac011e9b7f

SHA1
2c0b27c829f59b4876a42e775ed2126290eecd97

SHA256
d65d5e72effb890cd3a9444930bbf3222c49e311d14963b4ced33a2aeac47866

SHA512
e8e0fd26ae604b5ace44e4edb711f2335d06b5aeb092d0ced0884b46b2bbd6b1a0e8199d03dfaa43357501d64eb91442438df06befb612532fa1aefabbd4c190

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

Filesize
161KB

MD5
00a36b03209e75fa4adaa9ac011e9b7f

SHA1
2c0b27c829f59b4876a42e775ed2126290eecd97

SHA256
d65d5e72effb890cd3a9444930bbf3222c49e311d14963b4ced33a2aeac47866

SHA512
e8e0fd26ae604b5ace44e4edb711f2335d06b5aeb092d0ced0884b46b2bbd6b1a0e8199d03dfaa43357501d64eb91442438df06befb612532fa1aefabbd4c190

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

Filesize
161KB

MD5
00a36b03209e75fa4adaa9ac011e9b7f

SHA1
2c0b27c829f59b4876a42e775ed2126290eecd97

SHA256
d65d5e72effb890cd3a9444930bbf3222c49e311d14963b4ced33a2aeac47866

SHA512
e8e0fd26ae604b5ace44e4edb711f2335d06b5aeb092d0ced0884b46b2bbd6b1a0e8199d03dfaa43357501d64eb91442438df06befb612532fa1aefabbd4c190

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config

Filesize
546B

MD5
158fb7d9323c6ce69d4fce11486a40a1

SHA1
29ab26f5728f6ba6f0e5636bf47149bd9851f532

SHA256
5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

SHA512
7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll

Filesize
83KB

MD5
10c0ee8f8bd59adb0c1ab757b86d4d8e

SHA1
6116200618e32ac0004d2e145e8198ec7ef59eb3

SHA256
2fc4a3226c040c345531fec9bbeae79c4ea37bc0cd17a643a6dc1a0ef89e015c

SHA512
bd7679de78b6415fad3f767e9514ab38a09f69c9876119f21b9b7ae0e9b6fa4939dff3d48e4f335278f1ff0998d27e0c0be15d1763d42a959a6f8d826443f905

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll

Filesize
687KB

MD5
46d14e2b5187bc7e2c8acabccb77dcf4

SHA1
bb4beea0341a984618f0cde0f9052cef96e93fb1

SHA256
dfcc1e81e509c6defb4a93bb00e4ca91e051d4ad77d2d076339e2832174b8ffc

SHA512
324d70f8088d970b288cfdf163294fddd6d9dc3254315b6c1cb40300efff400a00a3f0ee51928211a7a79597e304c9185cafdcfdfc4fd2f77b093c5c4a770c78

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.INI

Filesize
13B

MD5
628ca66025f77286df96177c3ebb8138

SHA1
14dba90e4c2f9b8fa7b13e9af01c5d2b6a6af6d6

SHA256
d7630e927dbb907ee379a95be9ed1cbb2a0a87fc9aed83ed6dae8340bfcf1b09

SHA512
231d3244cabcbbc811f9bc06a89517083a58ed6748a4bc6e0c1676054cd22d7cab7bc21af5a221e47fa096a5129ea908c9d09ef4b98baeec2ce78b78ebb26dc4

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe

Filesize
25KB

MD5
fd9e8a53114dba71999e09386fb6ff83

SHA1
8b24a77a7f8cb1070a8207ff9abb9b8b7fe8a679

SHA256
4a7d1e7fac5578c585f0d5598f37245bf8288ca654f4d8bfe9935376256b3dbe

SHA512
4412e7b8feafbc140a74ff431557e4755fb5a0da15de85666e58a414f378d13a9a23f7e84f7167663e00d95cedddea425af96f63be0a13dec8bc704f71fa7d0b

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe

Filesize
25KB

MD5
fd9e8a53114dba71999e09386fb6ff83

SHA1
8b24a77a7f8cb1070a8207ff9abb9b8b7fe8a679

SHA256
4a7d1e7fac5578c585f0d5598f37245bf8288ca654f4d8bfe9935376256b3dbe

SHA512
4412e7b8feafbc140a74ff431557e4755fb5a0da15de85666e58a414f378d13a9a23f7e84f7167663e00d95cedddea425af96f63be0a13dec8bc704f71fa7d0b

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe

Filesize
25KB

MD5
fd9e8a53114dba71999e09386fb6ff83

SHA1
8b24a77a7f8cb1070a8207ff9abb9b8b7fe8a679

SHA256
4a7d1e7fac5578c585f0d5598f37245bf8288ca654f4d8bfe9935376256b3dbe

SHA512
4412e7b8feafbc140a74ff431557e4755fb5a0da15de85666e58a414f378d13a9a23f7e84f7167663e00d95cedddea425af96f63be0a13dec8bc704f71fa7d0b

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe.config

Filesize
187B

MD5
3f9b7c50015ca8be5ec84127bb37e2cb

SHA1
07fa0b2f00ba82a440bfeacafd8b0b8d1b3e4ee7

SHA256
c66e1ba36e874342cd570cf5bdd3d8b73864a4c9e9d802398be7f46fe39a8532

SHA512
db5713dda4ecac0a1201add7d5d1a55bdbfc9e373b2277661869f7de9e8ba593f44bdafa6c8dbeba09df158b2dfdd1875c26c047f50597185f1f2f5612fc87b9

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Atera.AgentPackage.Common.dll

Filesize
81KB

MD5
ea658407265ab5ce2a1794ab9ab3339c

SHA1
1bda2624f029a30e3b89e2aeccdd32b09bb031fb

SHA256
735d255f396448ef6bc30d3b38dfda4487f4832bcc6dadeec2737fdfaa938548

SHA512
7027638a120c35f8df29e24d0e061d2657d2fac37a83150cfe14a65bc91960da0c674c442fe97cc5175eb52248bef4b4f5abb78639a7dd659ceecb02e3a14280

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Newtonsoft.Json.dll

Filesize
522KB

MD5
50bdc0231af5435fa5ad29927d7273d6

SHA1
6b9ba2ff309b30f5b3318ab0d31270ce70b94307

SHA256
5059afd9cfc492a74e230949ebb528572d228d29da767227bbea75716907ad75

SHA512
15719741cf26f5057251b8507af83dd5a8355b8cc142b6e0c85c4c0ca98e6e2ce5cbb955dfebd88ff5ca4b78471983feef66f7513d7bdd43468f47b55bc7ea4b

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe

Filesize
209KB

MD5
833180d04a470941ef02adc4621e3d79

SHA1
35ebf7de06b0674fdf79bf85392caaba56019a34

SHA256
f2aa38af3a3353c05cae995b7403ff88b96b946ecc94164997d77eac9ac71d18

SHA512
e03e8ca4617ea738862fb198317074ebc0acd2e98bce1edbfda91ed0231f54cbce7995e20367380f8d1e4e880c33f3c00513670b87a88c7890eb8219fec40b66

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe

Filesize
31KB

MD5
5c33b399551c1ff47d5486c6556121bb

SHA1
74d49780496b0ed524442aa95f6eb69bc83ded18

SHA256
aad2956ff675d736d2d98f79aefe3f5fab742846a7f7eac0b796dbab69acd3b9

SHA512
6f9c4fa63fb157248a1483869e2c4fd071926a08b396df163db6d53f637c1a0dcb7e4c1315f3bafa438f75a08084ca8cfd7d5fb485316b19eede00814393e74c

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Filesize
361KB

MD5
ae7967f93eab6df959ef08e9d3a08c26

SHA1
cc7339d27161cb13628e4a87c452ae48343bed31

SHA256
0b727b251fe3e086987143e917c577c8a8e743df6934c85dd5267abecf4eeeec

SHA512
5467a0abcc4301fdf7e16bf2b7c5fe321fa80877a16b01d0a527d649d5a707eba4926ef5196ee1ff40032918c37b17b97c56775f44df507ed12bfd1fab0df6c6

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe

Filesize
182KB

MD5
168f440cba53e1d00d1591629afa5f75

SHA1
dbeb9626a5b55f0e32b714bb3ef42442da0fbf97

SHA256
e9858c5ea9a7b3e31a2e631e142d9a74641f30c1adcd87fa6e613c325a80659b

SHA512
7c0aed927adc67ec5e8f12895e6002e133a09469faef72d542f20e3d3965edabf052d6794426b69e1f7be5196e709d21c8235e3abf402b04b1a404400522fab5

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe

Filesize
46KB

MD5
603d1d19b1d85805fd243f938fd1e2f6

SHA1
8faea3be0494a2a25d6339a4ce830142725cab05

SHA256
e87bd1bc6a49526838c01e30c7fc36d764a22af20ff0cc86febe3a81875b2123

SHA512
eb3c681090f6dd8d443d12a47e9d984661d9544aad67e374ffb817d3e675849e6dffbf0708f3abe31de62b13c19e8264e84938543be16615b2838e62be576aec

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe

Filesize
53KB

MD5
b7aca4b1a547ca9ba8931fb2f3a8ffe4

SHA1
ade0df9aa1b3419b1f5dca663a5ba86221fca0b9

SHA256
bec6398691bd7290f2b504fffe3271275816af6cb4a481dcecb8325f497a4d80

SHA512
7344734e229ab95bd5764523ab8db72760f71c50e947547daa4dc5668a97f257022f8f864fda38e26f922df3ef16856979bab3785164dc4a3a661e25a2706735

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.INI

Filesize
12B

MD5
217efb4cfd0e2fe659eb9238ea4c3121

SHA1
956ff139442faf8cbea2940171559af5bee3b6e5

SHA256
05fd94189e503efa8d3bd8cfc139a50fa2d4b6bff702d1345d165e85cd09867d

SHA512
dce527723d814ef4f435875e15028fcb7de73ab73e9519f2d87aaee3af10bb6854c62bccdf4786712f3746971b2cbb4c789c9ff7d9ab200b9dd2ba4734059e1a

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe

Filesize
57KB

MD5
640fccea6286b24cddceb3c060735778

SHA1
8e07a5313ef59ead7ffb01c7d642fe80a7f9407d

SHA256
21cda2c93efa7a5e30067d0ff3f1ee18437576156656642decf62a62343b3509

SHA512
ceb613ca3ee8efcd1015cc00da2f71f183febf4a34e3a98fd2953c099f1283d4083003d8f1c52cea38b9d2e53ac5c4228d9ee940cfc2beffbf357043cbdc346b

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe

Filesize
57KB

MD5
640fccea6286b24cddceb3c060735778

SHA1
8e07a5313ef59ead7ffb01c7d642fe80a7f9407d

SHA256
21cda2c93efa7a5e30067d0ff3f1ee18437576156656642decf62a62343b3509

SHA512
ceb613ca3ee8efcd1015cc00da2f71f183febf4a34e3a98fd2953c099f1283d4083003d8f1c52cea38b9d2e53ac5c4228d9ee940cfc2beffbf357043cbdc346b

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe

Filesize
57KB

MD5
640fccea6286b24cddceb3c060735778

SHA1
8e07a5313ef59ead7ffb01c7d642fe80a7f9407d

SHA256
21cda2c93efa7a5e30067d0ff3f1ee18437576156656642decf62a62343b3509

SHA512
ceb613ca3ee8efcd1015cc00da2f71f183febf4a34e3a98fd2953c099f1283d4083003d8f1c52cea38b9d2e53ac5c4228d9ee940cfc2beffbf357043cbdc346b

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config

Filesize
180B

MD5
9bc8c60dca1db56880a6de6186139bbb

SHA1
215828e6240b6d588e1d3e1a92e9df51ede80062

SHA256
98cbf73681a1b63d4242cb40a2bd0bb6b04a61528a4230e8eb7e10bd83b6e6b0

SHA512
809a8d652869977bcaa702fc7ab4963ef48554e122acd08314c7645dbb878bb32e0c5be0aa08606956fcf1fac5431cc401f5949ef781e52eb9919c72c88f999a

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll

Filesize
50KB

MD5
a7ba559f21909eaf8f37b13d7246ed89

SHA1
ee0f90e6c552e2b0a2d7fb18f280a6556841a60d

SHA256
edb3a880f4f19c2b428afe0687ea1b09372410629841736c730f0dfe84217e89

SHA512
6e6b3bc637a21bc6ebae7fa5cda3620da1bc38172666f82a9b3abd16982b3ee8660b74783d13bcfac4599e1a5da452c74746bb30d8065fac6562c95e4d072a4a

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll

Filesize
523KB

MD5
37d2fe6f26972a60611679e3dd4c78f8

SHA1
df31c923a8ed225809399c321d0383aa8a01643e

SHA256
42e0d59650b2b63a7e7ebab52189625d88d6ade60e1c0bbf0d09af5e011c9020

SHA512
2b884b5cb977baf71ee0b2f29a91048e3c1b9f86505b97d2ad2d353d5d54a2c94c89995d9543ed85428930744274db09431b0bc768d13362ce14fc6de8fe8945

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.INI

Filesize
12B

MD5
5d617161192563118200820318e001ee

SHA1
33f4bd97051033a1d3bce8b3ef3d8a1c7161d937

SHA256
2c993dd2e58906e673e063e5d935d114fd01c7b1b9268619c7b99819a271094a

SHA512
f1f34950c88d590104df0daa59b452d671c1b5888835aac9ae10bc303482d692da936bbf7dba6a24098b21debbe0dd9bd7bef865afeea0f5a84d59f5f8cb5e34

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe

Filesize
43KB

MD5
07dc5a06d0162c6d646d80e8fe98cbbe

SHA1
94df85deaff11ab3d0e945a50acbe959df36707f

SHA256
2d4e9cb55fb953a74e860d5b76770d3ad9bc2d9fc606e9d9a0e0cc8ee31dc650

SHA512
7d4f3bcfea175263f10bf2cacd4032fe4e1025ea2f8fa6fe29ea1201e35f9b71e2d230243f4ce1d96968cf4a605101e3939f14e71f615863a414e698a2e49b0c

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe

Filesize
43KB

MD5
07dc5a06d0162c6d646d80e8fe98cbbe

SHA1
94df85deaff11ab3d0e945a50acbe959df36707f

SHA256
2d4e9cb55fb953a74e860d5b76770d3ad9bc2d9fc606e9d9a0e0cc8ee31dc650

SHA512
7d4f3bcfea175263f10bf2cacd4032fe4e1025ea2f8fa6fe29ea1201e35f9b71e2d230243f4ce1d96968cf4a605101e3939f14e71f615863a414e698a2e49b0c

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe

Filesize
43KB

MD5
07dc5a06d0162c6d646d80e8fe98cbbe

SHA1
94df85deaff11ab3d0e945a50acbe959df36707f

SHA256
2d4e9cb55fb953a74e860d5b76770d3ad9bc2d9fc606e9d9a0e0cc8ee31dc650

SHA512
7d4f3bcfea175263f10bf2cacd4032fe4e1025ea2f8fa6fe29ea1201e35f9b71e2d230243f4ce1d96968cf4a605101e3939f14e71f615863a414e698a2e49b0c

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe.config

Filesize
138B

MD5
4ae63ede7bd788050330b2cb69685055

SHA1
b152688c4261ac9da78b481fc6e44e8ef08903b4

SHA256
c3c261201a1fe6a3b9ae4d179138c86cdd3d9682bac2c4f4fecbfd341dedfd73

SHA512
82941806c68ceaf7162b9bcbc45d3b23a27c4ec4caa28691f9e45dd0a24588dd6cb2b7adb34375109a646bbdfc05aa7eb9c8c1637166cd3fdb3422570abc5f6e

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Atera.AgentPackage.Common.dll

Filesize
90KB

MD5
db7d451e2e4a8a7ab74eb617258d175b

SHA1
9819be13c07d73a6501b56786a325bee45f75d13

SHA256
229797727fb61818c9caeb58f8569dc0dcf4e72ae52929b0b10d0a52a59322fb

SHA512
aa8e34f6cc5b8806038c6f9bab55799edb933eefb37d9ebd2d0859de0a8c8da0d948e2b1dc00d1c91e272d8115d810737c3a8887cc71fddac2c0f8d654bb8ec9

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Newtonsoft.Json.dll

Filesize
523KB

MD5
920da3564710ecb653550117d43039d6

SHA1
0cfefa563c9bd4ff65c7b450c0906c2d34695b2d

SHA256
d3785e7497ffeafc60764f284873728e5ceb140efdd1cc4999ad2516f8ab110c

SHA512
9462e9abb48c364001734a57a22a53d05c09dd2fcf2186279c124d6b2f0dab660de76e7b9d1aecbf17de561b227b63375adc717399597ade0576b4e39b5e8acb

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.INI

Filesize
12B

MD5
65974904d4c828956a69f67287c4d801

SHA1
95ac7981f1764d52cc456f6ea52dc520cb5651ed

SHA256
63148fc2dfb6c815167fc6d6d23e7b6538d8b3a9a65b6d83efb3f3fc444c5c82

SHA512
ee8b055281dad68970bf03375b18d68c34d0bf085a1879a5d3beaaedbed0a5ffd49cb419c5375637fdd1c6c3ae78abb92e5a5ff050afa200288953a5e87d75ad

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe

Filesize
27KB

MD5
c30f1a0fb19e7f66f306b09d92a218ac

SHA1
c21d448e363effcf96eb485054796214f76adcf6

SHA256
07b222df51c3150904fdd2dc03cd50d14ec3dcc86fe9eef5fb860ab508393119

SHA512
4f0ce90c774cfd967ffc20c940f34b8980815dac530556675d18af7f5c5aec0156f10c5c8db099c0a7caec78ab6601a04a1fa95af453d6a08cc697268846bdf9

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe

Filesize
27KB

MD5
c30f1a0fb19e7f66f306b09d92a218ac

SHA1
c21d448e363effcf96eb485054796214f76adcf6

SHA256
07b222df51c3150904fdd2dc03cd50d14ec3dcc86fe9eef5fb860ab508393119

SHA512
4f0ce90c774cfd967ffc20c940f34b8980815dac530556675d18af7f5c5aec0156f10c5c8db099c0a7caec78ab6601a04a1fa95af453d6a08cc697268846bdf9

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe

Filesize
27KB

MD5
c30f1a0fb19e7f66f306b09d92a218ac

SHA1
c21d448e363effcf96eb485054796214f76adcf6

SHA256
07b222df51c3150904fdd2dc03cd50d14ec3dcc86fe9eef5fb860ab508393119

SHA512
4f0ce90c774cfd967ffc20c940f34b8980815dac530556675d18af7f5c5aec0156f10c5c8db099c0a7caec78ab6601a04a1fa95af453d6a08cc697268846bdf9

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe.config

Filesize
180B

MD5
9bc8c60dca1db56880a6de6186139bbb

SHA1
215828e6240b6d588e1d3e1a92e9df51ede80062

SHA256
98cbf73681a1b63d4242cb40a2bd0bb6b04a61528a4230e8eb7e10bd83b6e6b0

SHA512
809a8d652869977bcaa702fc7ab4963ef48554e122acd08314c7645dbb878bb32e0c5be0aa08606956fcf1fac5431cc401f5949ef781e52eb9919c72c88f999a

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Newtonsoft.Json.dll

Filesize
523KB

MD5
a0dc8d55f22db9b6f61769738ffa144e

SHA1
4a9981c7445d541c403e029acb05f8bcdfa34341

SHA256
d968784172870c7223daf11c768f431cda51bf0456b2f5124a23a9b534f69c03

SHA512
4bebf212da874b59b99b318d3e0d17e61940128b2f0f0bbb431905a7d87c9dd86017f7393dd422c58f5571e3c258a4a7d95189928a46e72c90c1c4458b729620

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTrayTMP.exe.config

Filesize
180B

MD5
9bc8c60dca1db56880a6de6186139bbb

SHA1
215828e6240b6d588e1d3e1a92e9df51ede80062

SHA256
98cbf73681a1b63d4242cb40a2bd0bb6b04a61528a4230e8eb7e10bd83b6e6b0

SHA512
809a8d652869977bcaa702fc7ab4963ef48554e122acd08314c7645dbb878bb32e0c5be0aa08606956fcf1fac5431cc401f5949ef781e52eb9919c72c88f999a

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe

Filesize
51KB

MD5
6499be64846f547a2e1667bbe00fb7b6

SHA1
cec452b5c6a42af4fce54502297ec509c0f2d222

SHA256
1c63c36028d71e20ca2a41a5cbbd628a95c5f2cbee8def0cb593784c39d7c893

SHA512
d8a5c16b8a7af15e6769d3bf289d412ec9ff1112cc763482a43ef4af8eb0faeaa46e06bccc175200ddbff38ac80fae87c0d786a4d7d64729e93ea6dd776f6748

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe

Filesize
51KB

MD5
6499be64846f547a2e1667bbe00fb7b6

SHA1
cec452b5c6a42af4fce54502297ec509c0f2d222

SHA256
1c63c36028d71e20ca2a41a5cbbd628a95c5f2cbee8def0cb593784c39d7c893

SHA512
d8a5c16b8a7af15e6769d3bf289d412ec9ff1112cc763482a43ef4af8eb0faeaa46e06bccc175200ddbff38ac80fae87c0d786a4d7d64729e93ea6dd776f6748

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe.config

Filesize
175B

MD5
332f07af284ae49f72f9b8554936340e

SHA1
422a0d4659036445311fed59949443f2d46c0d5c

SHA256
8a4d689f426e0523d7011753f369ea208e0c08039c7ddb51aaf97b8dc16f18d3

SHA512
7aad55c55b223826e6388158bd2dca01ab95d4195d0f4445b417e42b67b96a2a44acb441d43c7252cf7083417f8c256a616289ff3119b2eda0a6e156632f6745

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll

Filesize
588KB

MD5
d39533ae3451324100a8be62845799e6

SHA1
31af6d7acac3ff2b67a3b6d5dca6ba22809988d3

SHA256
fa52b413bec029179f4dc476b9198f53d9034b0de59ae2439a8882403b61d07e

SHA512
ce69bde9859ba32aa24b09538e5ccefa8766f2f264bf637fae2d0ec1419e306f767e3343793448d960880c82d328fa6e7b75e14cbc2de3403fb21c80f03318bd

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt

Filesize
167B

MD5
039eae6f06b2fb218c29f7a535303274

SHA1
78e36f03c526253da0e24a37bd926a27ff4da79c

SHA256
1ac010ed24fa0ba37f47464fe56814eb4d196d6b5e0935540f8d3880b8318edc

SHA512
2c3097286a36204493b4ddbe4c07ffc173ab6fe6506711933a495f68f1bbe53592a7d1189eb80fe6a984dfec19392a347a12890dc718777aafbb7f4d52a620dd

Download Submit
C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog

Filesize
287B

MD5
fcad4da5d24f95ebf38031673ddbcdb8

SHA1
3f68c81b47e6b4aebd08100c97de739c98f57deb

SHA256
7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

SHA512
1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

Download Submit
C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog

Filesize
717B

MD5
ef0a07aec4367a64c16c581da2657aa9

SHA1
13011a5abcbadb3424fb6ecee560665556bb1d24

SHA256
f8c02541eba2fde1b29b3ce428cbb0f1913110d4bba9b52f7252f728e9fce987

SHA512
35cfaedb4e5f754dde69f4cef508bbd6127408c405baa5ee2e20104f9aaa1ff2a228f0bfa42d51dcd1006e026ce238bd7042906e449ca78ef91e4d00b08c5c46

Download Submit
C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState

Filesize
7KB

MD5
362ce475f5d1e84641bad999c16727a0

SHA1
6b613c73acb58d259c6379bd820cca6f785cc812

SHA256
1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

SHA512
7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

Download Submit
C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe

Filesize
138KB

MD5
8dd350bb44e45c0b89d0c2cea8e1fd9f

SHA1
298ccacd3f218f8d98709a43df09acc82178cbf2

SHA256
127fde9b3c238f66232d0f0db1d3ff62d2c46d16f50aa92073d26977f36f463a

SHA512
ec8c638a8c616c7fa7989585cd5c577c3bff88801789c5b975e016ec888c0d2a1d3f492d12bbb3618ee93c79c80dc1f666ed9e21ffe595dd7b2f3c9f601e03c0

Download Submit
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip

Filesize
1.0MB

MD5
b6b3804b3bdf91d48b3941d89a3b5c0c

SHA1
9bbac5920627543510db53e799ab1ad1a3bb2daf

SHA256
2ae934c67c90031194340ab6727c50a9ca7e7cdd30312838028794aa1309132c

SHA512
0ed5c02820f4fdec9c44f86326e3a4379989a3565af2d3c90e5c9c8ba56ce46ee72acbf3f98e5524a7183e803babd0adbd73fead4002594ca0319cf6c4959eb8

Download Submit
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip

Filesize
366KB

MD5
1a0fd323ec802c0dbf08756c5c707f93

SHA1
5476d0bc3e1a493df47c048a61947f51d1f51513

SHA256
24d87bd78c19f6866ff35c56a2231b9aaf504b540f8ccce738f843eaa1cf87d2

SHA512
1dd354b89f43347a26c0b645d5471cb0f4175e1037c3f320949c1f3ff6a73a39db41f92674364a94493c0e3aabc5a58bcf75cca5b0c9f493ea60c7452f7934ef

Download Submit
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini

Filesize
12B

MD5
3eaa2ad2e4281887fb4b32b62bfa45fd

SHA1
5dfba9c4e6933c7e4418291da07da6b752e98bae

SHA256
4eb38123404984b2511e3ec2dc2af2e76ac1c85a87f0a4f45dba1b64ccdcb1b6

SHA512
b1f92223ab6c1c35ed6f092a06f2db47eed48a0eb62c104cf5df78935b4ba3edd4a8bba54e185a2ddb5eacf9f1fc7774ae86c8bb9d0076c90581f4b6ba27a315

Download Submit
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip

Filesize
256KB

MD5
81d91e831bec82e372f0a104fc0ae8dd

SHA1
da82dffc51ccd60bd5ed8836a6041680dd3f1d0b

SHA256
f925d7bed8dec9296362ab11a9e8bda923003782729b699b7b406fdfe0619e7e

SHA512
7a26ba5a188de9ad25814a058e5daf494801382bc8ad33cd3d13d2adcbeb9652244bd2fdf2fcffd68b5ebbfa7e1d947e81265a4995cbf1f400de3698ef707389

Download Submit
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip

Filesize
1.1MB

MD5
958f5d4b962db483ceb537950d711ae1

SHA1
6f3c9d7fa3f4680d66257fec6af93f07be53b297

SHA256
b57b445f4e9a785299db77a3a2b39b0da0b26d7bfcdd9439fa1c92cd43c667e1

SHA512
6e6a6a2d6b94e1e1cf142b20c914f424401bcda8a6f158d6e26258be9004864967d038b21cf628a8d12b73475eb9e7b127e5dd7f2c4663e44a4900633b1d20e8

Download Submit
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip

Filesize
3.6MB

MD5
fca664328ec92e81776c0484e30f110f

SHA1
2c4239e8262fb0bd259b3190edc3754be02fbd41

SHA256
737ff26f289930f50b154817d52816bb982adea692936fc1bdb893341c4bfe20

SHA512
ee27466cf34696204061d288abba5e45235e865d768a5b06c040d086aeb95d5a7bd19a678453d41b796dd9e4c004bbf97792248502e3b8de1d6ae24baaa079cd

Download Submit
C:\Program Files\dotnet\LICENSE.txt

Filesize
9KB

MD5
31c5a77b3c57c8c2e82b9541b00bcd5a

SHA1
153d4bc14e3a2c1485006f1752e797ca8684d06d

SHA256
7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d

SHA512
ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6

Download Submit
C:\Program Files\dotnet\ThirdPartyNotices.txt

Filesize
78KB

MD5
f77a4aecfaf4640d801eb6dcdfddc478

SHA1
7424710f255f6205ef559e4d7e281a3b701183bb

SHA256
d5db0ed54363e40717ae09e746dec99ad5b09223cc1273bb870703176dd226b7

SHA512
1b729dfa561899980ba8b15128ea39bc1e609fe07b30b283001fd9cf9da62885d78c18082d0085edd81f09203f878549b48f7f888a8486a2a526b134c849fd6b

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
133KB

MD5
a90579f241ab4d4d83b3a6f234d9472c

SHA1
8d7a563343761b77b57e1f4af440156862e7722c

SHA256
a54b4a3f19be39922488d86417824194c7dc5adc4493c37f87133fd3fc80948f

SHA512
2554aa432615939e77925363824527086f556e3eea53e26f79864834f879c8728cfe1458079b590053208e44a0eb4966361b3d85b173b09807cdc7a43a9687b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
7b0ad42901607fc4f9259a75966b7624

SHA1
b39512defa6cd96dce6210768304d2d499511bb7

SHA256
8ee7bb81e3e37e7b3313892d71c8abd2c62eac2b5f5d87b0ba9fb46f5ae0d815

SHA512
cba5f94c579bdd754bf040220a7703558e1eb4dfd58db67b074ce5ed35f2002181fcd94b125bd8aa669a651a0cc9b72ed60063ffd619a8a6960c4aa35dc57348

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9

Filesize
727B

MD5
b9fccbada30cea201a14ee3af637d71a

SHA1
f7681ec0db4ff794a2ba7ac089825c6d25c64b98

SHA256
b4e159161a49c854edba6b542e1c8cf3e498e893205dcae7b17005be32c6c925

SHA512
ef0a852ec4c9ad7030f60c6536a6d55afb4fd853548ace60cf0497f219016eda9eda127fdc46ca47f0186d6f66df8d95a78383db9d81c691f77112f38a7f02b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
8d3daaf3dab7b8273540453709d899bf

SHA1
a45a633ad99da98919409b59e5041bd20535e381

SHA256
e339383148fb442d04bf242f961310a3612f3850155f08d1481265dfc829734d

SHA512
64e75f48bff4f2fac8242125d26f1806c4f2f4ddf61dcd1408ff5f9cbd865214c641eb29dc464f7a2af58811477da4832ce31a7d5c5af806fb9da7c610783028

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
430B

MD5
e959835949efc40d86af2a3aabf09320

SHA1
514ec38862f3a7a70269dfa2ff290c9ad619b344

SHA256
5f41c6f631d13fbdf45f7dcbbb069f15ad640b8bd7793f56c24a900af542c93b

SHA512
c5cc343a224eb4d7ab0e2d4d2b22ffd99e2457c235ac2d7b71082c54d2f24bbcd3260fe21c0a54cdba3c0f948e34298783e52a90efb20c5d1db419aa30b17a85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9

Filesize
408B

MD5
2b97db74e3cb1f6e5e92c75e90cced4b

SHA1
f979eb8eb1ed9fa53ced7ae1b1571a819d5e3df0

SHA256
bbf6e0bb1369427f97dfb9dd09ce3ae8b3039949357cea19e2d23c01dec8a654

SHA512
8b8e69cfdf79ca9edb8a22d86b3df2fba1c87e86ce2f9453ddebdb40d4d86134c637ffae577e965339a04841b66aa8837791688406db64bcd1f38cf82e7ae3fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e0747fb3a98258bdf2533160777f056

SHA1
d5fdbbe14446705cb960fef9b262180fd20c50ed

SHA256
809b1485f61c86f9ec701998ee1a0981ad8af52c9f5314bba6acd8dedc803dfd

SHA512
53d8ebee7b53af293e0187ae785deb0181fd8ff2b1b3e6edc9ba6807c42524834f6d28fbd3e725bb133dd1383719be4aa7359dda02fdf24492f4ebef63c253f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
442B

MD5
e18bf07cd1980a8154e7ededdfcddd8e

SHA1
d795d4bb203afaa123f36cdc803334b37a141b50

SHA256
84f8620c8d21bba1dad8053c5031e72903613957b93803883159b01a1b97d559

SHA512
9d346a1b95eef31cbd900de23d7f46165b846910d64949c518adfcad01cfa56147109bef1ed3bf9356cb3ef5fb18ae7a6a3500946c90cd85d8f03abf49079723

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6C7B.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Windows\Installer\6c6c2c.msi

Filesize
2.6MB

MD5
f1d3df6ea3509004b975337950e58f93

SHA1
4e725bf1f8fde9efbd8adc7ce4986caee58d074e

SHA256
f9947c5763542b3119788923977153ff8ca807a2e535e6ab28fc42641983aabb

SHA512
eb6eb1daa6d8119ba721cd8f345ab558c41910dc3151879566ec9164fecf37f364adca4d951a034becf7e7c61e19217044680d5160ff108a7dbf60fe402e4a28

Download Submit
C:\Windows\Installer\6c6c43.msi

Filesize
25.7MB

MD5
c91d74f41cd6760829076752ead92560

SHA1
c903dfadf85025b9c02a65b9a4382ea85c5a460a

SHA256
c667c83c12109e96a025d5b1394a1d3cda3df4a520bcc73c7cef373f0e4088e5

SHA512
2520c30df18d63f92b83fbac107109122da81ea0db336a179a6673170e32d840ff67e673119bd2d4c6c86541d646248488d2410f1072ed69f51369ac8a51a918

Download Submit
C:\Windows\Installer\6c6c44.msi

Filesize
804KB

MD5
c6de3476cf791eb894a55334b636763d

SHA1
b2d5ccbe7270378caa69488629df240be84a91de

SHA256
dea630108cd4a2b1a9777b9958c2e4fa7416b315d19646c46195c431c5b432a1

SHA512
50a7c2897975c277b1265c0d7c6419c14cec78e1910374af836550ac5ea064d33507809a11c917d67614ed1234b42b5d860d7ae943b5a3ca11ea8b32f62a221a

Download Submit
C:\Windows\Installer\MSI6A11.tmp-\AlphaControlAgentInstallationDialog.dll

Filesize
6KB

MD5
23b4b8d7a19b6de1bf97308c084a31c6

SHA1
cf8ac83896cfc180fe2f1c3d5db67adb25860038

SHA256
5b47208bdd53b9d55efbb807063a783a992fb4aca3b7da15ac64f30930a4cbc0

SHA512
b1ca3006d9aa1c25efbd84eb67d18dd0b88fd23190e296d0b005364223ef057c18d0ae6253d987fbca3e675646654557e897c9a9e5b354fb5b76d42775480830

Download Submit
C:\Windows\Installer\MSI6A11.tmp-\CustomAction.config

Filesize
1KB

MD5
8c22d283225f3bdb8e36522c359796f9

SHA1
cec5168b62bc7d39930e0843a0a285c3d89ed23e

SHA256
5d6fd5049f33ac6b16ec0431787fa61c66630ba1916bb4c70f3f6b5844b74ecb

SHA512
826550987a6140b870894c02c20f1c890e187c5919fc60f5fe3fe962fc87bfcc3879ee1de6141d679aa85f6cf52f8be88a9b23a8d43b8561b6b70baf138ada3e

Download Submit
C:\Windows\Installer\MSI6A11.tmp-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
C:\Windows\Installer\MSI6CE9.tmp

Filesize
245KB

MD5
acf29f18088d57d255b2b5c859e6d844

SHA1
cb0260ff6e7dd2189677d1c2afc9d25cd0c6f208

SHA256
767b905a0af875fde991601e1ea86ce40af300e6054ea719cad02fe72df28fd8

SHA512
29fe0a4159a7aabb7886475824c5b23310863304a315cf59b5d6bf44c0dc2c4df36521c38ff97e5336a8c7dda63a3f1b0405b493985c3ee4f308693bed9f638b

Download Submit
C:\Windows\Installer\MSI7A72.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIADF9.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSID8.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\System32\InstallUtil.InstallLog

Filesize
1KB

MD5
bbe625903f24392c2a25bedce9fabd66

SHA1
5980c02f4570b749bcc0bed56ee9ff0dde1b1ec2

SHA256
fac60b5633a0094427f5c5916611912330def57e1418040216be71ee928d69bc

SHA512
480f79d8dfe1555431e2579b8b8fdbdbe5e0f064c316dc5caba50976436850ba6d2b413477096e97f0c5c76a21a6e38eefbf46b6e8e2f08ffe875fa3279062c6

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1

Filesize
1KB

MD5
d91299e84355cd8d5a86795a0118b6e9

SHA1
7b0f360b775f76c94a12ca48445aa2d2a875701c

SHA256
46011ede1c147eb2bc731a539b7c047b7ee93e48b9d3c3ba710ce132bbdfac6b

SHA512
6d11d03f2df2d931fac9f47ceda70d81d51a9116c1ef362d67b7874f91bf20915006f7af8ecebaea59d2dc144536b25ea091cc33c04c9a3808eefdc69c90e816

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4

Filesize
1KB

MD5
78f2fcaa601f2fb4ebc937ba532e7549

SHA1
ddfb16cd4931c973a2037d3fc83a4d7d775d05e4

SHA256
552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988

SHA512
bcad73a7a5afb7120549dd54ba1f15c551ae24c7181f008392065d1ed006e6fa4fa5a60538d52461b15a12f5292049e929cffde15cc400dec9cdfca0b36a68dd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
af27e107333d7b3c25a543193330119c

SHA1
cddec762a9f67b2e728ced52eb7aa9667d18bea4

SHA256
ca90cdef83b6cac5bf7dcccbd0fa94ae8b44e0e5273dc86110e43fa8d48dab03

SHA512
8b173e2848fd3392186cf5ae460f9e09b0335256c320c423c1365d189901498d8c7413d16302657b0edd30582eb640405472c02ccf7d70ff2117b9be6ee301c7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
622049eb585e2bd1b03a20f90fccb86b

SHA1
6d88eb82a28e9aa61a7d31f484b0cf67af06635c

SHA256
6f79ed774b6aa5428fdad50d02c6e5b76888d378b856b9da533c55fd53438827

SHA512
0fdd454ceaf61c354480a6a92143abd73c97d976757ff20887ed9a242f64e778485806df0db76054ed0eb3219183fdbd9c8c65e940c67237e857c9a0484d6578

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ded7bdbb6b9234f9d81a10fa1cb6073a

SHA1
c18e43e9ae44e23d998346b0fc905762bc725d04

SHA256
1759e73ba58b2e6528a3036647c6c04f28f767cbab1a9512996834a4daea1811

SHA512
82a7ae86f30cf3fa2deb05aed0c1ea0f0af84cf735072c92d190389003e852bf6f816eb3588e3769b7ac2f2d5cfa2f8f9b31577822e2099f47deeac9da3dd815

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9065ca83261cd06439d7a34ba9aace8a

SHA1
19ad45ed3134d9b308baa56a3086cf1c00a7d19d

SHA256
74e70bb8d1223a0f89bf45a002ef8ed20d8055f309ff10686a679865381429f0

SHA512
4e580c25fd4ffcce8b40bdf11896259d172c504386b74d65e633c89e3d625e49063e9c4938cab80764a2d15e019829e63292f04b46781c4fab5a79af06162d42

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45b2d74b71ae899e9795c966e1f03e4e

SHA1
c0c07b3a1204efb7d3a0b0ef47029d95368c16c7

SHA256
04cf53005f6f21e8b62f572de4fee1725c7bf6b6f73ed74b26e52ca70ee3bed9

SHA512
27698d9835b2be0a290b18632970f3586d41485f296d889044f1467d0c9d14be07cd879d8e4a359bb68701a02e7dddd8227c332020a043056e5aa2558ac05f19

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e861db75487c4d713da03580a3168ff

SHA1
775ee13ed1e915cc8dd3e3912d33a10f64734d75

SHA256
f81f6c209b3aa716d9398511c8b6a18f25006d1265e9232688d5699d69dc922c

SHA512
636738a2731a17f78a4a0b3a7c25e554da5f6fa72a6d02a6ef57fa6fe1b0a34a85299d6da020197a47a3df034c0de4aea4eb461ba73648111fee0754fced5906

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de3d1bb8af0dd323029c3063aa53cab9

SHA1
798f2c109fe03dee8be6a1e35bc7c9121c643cbc

SHA256
ca6ebca03eea759d775135875b7206447788862400f09ac8d18b58d2f4488532

SHA512
f832c861f3b9787df1942d76fbd83f20b6e86b3f71f27f7a53a327c005235c53411df14d720ca88c89829f8b6a73c9b7c42c12817c7d01796c46faf43d8653a8

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51a0876bcef2c0c61bfcbec418f7e105

SHA1
06f100f7470db609ee04bd4cbf47f0a0920382ae

SHA256
eebb154611b75f1e73db41a00afb5c89c00d2f9f26ee21d330391b9db24460a5

SHA512
041dcf19c22d4694e46b9dbc1f336d1a0100a790470cbad2bccf9929359dd57f7124272c0a44a18231e29b122a899649be2c8e8bc10a545e544797ed80005d3c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab034095a595e8ef45875d683193e370

SHA1
b6881d65e6e4da5cefa911943a283382400bd821

SHA256
c0e49209c7530a59ebe4b4e1c5fbf1d8e1d15a7155f7e533e51d524efc6c2624

SHA512
5c1eba2e3417b8e3ee57d5792a18a9c89e5882c2af8b4b2b4ff6303dc8d941d18de4216753f0d3f33663ce16c85967a33aec0504fc04319947cfa0e612201043

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d915718215dd4381daa0e6d9961e0f59

SHA1
5cd97f2c47562190ce39892d801355866c5268f9

SHA256
383b528dcb3fda36d4aa9cc0c98343bcbcf39cafb902b3237c29d0e3ed1261b8

SHA512
c3ef9edee6ebf91973f16f510a4b6228783e318e5367da726885aa81b87d9e0945dcba90cd391362785afdddb892c615c6ee7f8599e9e923aa1330b2b1178c88

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96c3d45f4bf8cb680459f146ede93dc9

SHA1
49660634848f7c40c5bd53df4f12cebcfea7332c

SHA256
f98d3169ae378334675111e6819501ea034fcb9a03167fe32ec3c019bf61eba4

SHA512
aa46221f23de1eb0c3fca04480702d293fa4dd955e010ffefd8dbc8ce507c18317c9f522b5011a4dcd95aad536e3d6c5fcd8d453b08edb440903d6501d6603b5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e1e8b07f5ac3d1d6632f98e6d9d7764

SHA1
584ade305a134e5c47d40562231e95f15e3dd6ee

SHA256
62829b437c15c24437e20f8d54d67d96351a7e915916eb2bdab1fe2749038b30

SHA512
480e96cb37e67f83a78948ad055c2f9c1d6868e412dc9c74d39ff1d6254f0d120bc85b1b7ac1b2eae79e793b831f6603c657dbae4463bc4b79b8a1b9769353bd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
928abb65de756d658f61accd08e21b15

SHA1
0ac4c51d0a88bb028ffa86b2f0ad55c7b5760d1a

SHA256
2b655fd224ba44f042509bdb2bb708bec05ce161092517016e802ff9af73e744

SHA512
a4104be8822b19ef06032f749b2ddf7836248d899870429ed9b113d19d0e4be31dcd4d2677e653fb2faba62f5e3e6cc90c240ef3d052c9eff0a6d5a1ba2e0fb0

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85ef2a6dc12c82f2d3c5dc6ce883fe21

SHA1
d098329254a7b74453d8f75d8c7522f78ca37131

SHA256
d7321326501fc52058d0014686d887af7f7464867db59850d9feb7a1a6aa0ecb

SHA512
5f319fd9354ffe60d8ea929a39288affc23ac5f1dbd7b3cce279ae3256c7a41ef3d167846e3f722c2a8fb4d2eb1f8a9bd2cb5f15fb0cc4ecbc70bc12f3ac3760

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
097a55a79794cfa64b519943a114b103

SHA1
2effc0aa1d080828c2813d57fd16e9f79c9a922f

SHA256
57a07387cd33d5fdd15e48d3ea1f486147f41c9416504ff448b97780634a87ea

SHA512
a96d9982c58aacace7374d77ec575ff657670064599cb00eac8b8b2aae4bca8930d5da5ff773354556175b0a9e1ac8f36acd91cd0383343493f89d8181be3b5e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
edb584ee674ad76382f23dedf0d4f56d

SHA1
1415514dd577b00a56bdfd377f6d76d7aba3f129

SHA256
2ee2b0db2f331d50cf979ab3542f85decdd4cd9da816286fd0d2b4691e462088

SHA512
ecd7511f9304949bb659715b850159e03e6fd1232fea7229ac89aaf319360ef5b508ea240b6b215f1e890c119d0d3f684ce0f84f19adad13faf789282b1021e4

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
008babe88a52514339f5e6f760f91520

SHA1
3e60b693cd64bdf73f811c9d734eb56d6524241c

SHA256
0d69aad8e3f781caa3fcdc693201bd4f772fceab67a367389409a1ed4b2bf6fe

SHA512
bf1db1191b10c193bae4e59a834cb3982bd6e1fcb336cd70471e3409e7ad41640e59081a8cbeb1d58483a2c257178c5a9dc46f8b83d1b400ee63cd0930155633

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81bba584b37477bd52299fe0b234b0bf

SHA1
d9e75a1bb1e57175ac28ff2dcbad612896eca3fd

SHA256
0684edb0426e995b125ecf294ef1bb39c1d548af3f58f7eef346f5148fae08b6

SHA512
dd00ea869a0e7ca9d326f944a4197bf58f03dc7f51be4ea3b959c8e59a0cf265f7cab4e3abf34ac23362688102d787ef521f82cb2422ee5f09196f0faf871251

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c09b538e49179afec166479e09af4a2b

SHA1
cbc7fcc57f02be05ada7f8794c5db7205b3b551d

SHA256
c7e47f57fcfda4ce004e291fcacbc9c170c39248c849a44ab4d28d9669ab9bc5

SHA512
827f4ac487f2fe7ab808f5ac13d4b3d902d1df5226bb6be51f45e02239b32812719fa49a9f18df8701fdf984758ae068d45ccf4020160b2061c691a5fef0ae55

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ee90fba50c1cd6da11669caf9460662

SHA1
168c493c09fc49b32aa98f279e4ab3d77eac828b

SHA256
b93cd879ca07ac094527d233c1bbecb46444cf3e789fbd744dde51a01e298796

SHA512
c4e3d359b08b7c535c6b3f7ad8be691aa533b26b116a5f4da334541336577c4ea2b19dcdeeebac0dcf6be98f21fbe49082323186f5f038890e9cf9bc3b432e54

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1

Filesize
308B

MD5
3990c6580a90a67646b1c25444f42a15

SHA1
e46fc8164afc2d5b9b5f5478d553dc3472c8f85d

SHA256
97683fb253a0e5c10ffb86ed7bc4b4812a134899f431182feaa82664c0eca1a1

SHA512
7e0782503a073e49f244fa968a549200f70b8fd299bdc19b452809807644406f5d6d28b2e77f0ee73cfaabc6a921a67b6c43428038c021474f4d49b51d6798e3

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c7c8f67cbe3b67be05d6044ec1a6e2b0

SHA1
8ff03846463cb1f56fdfaa8a44d03941056c8b14

SHA256
c23f3156535ddf4b70aae0c464e0e08c7cd91d49f0d08861b8650b72a5804588

SHA512
ba256a2b41d098fc21c27de87b1757f35e5ab19748904edaccc3746562c3737c374a62557ab1e698d4fe6de6a5d3cb6c23312e63a0209cf25aaaec85a816995e

Download Submit
C:\Windows\Temp\CabB31A.tmp

Filesize
29KB

MD5
d59a6b36c5a94916241a3ead50222b6f

SHA1
e274e9486d318c383bc4b9812844ba56f0cff3c6

SHA256
a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

SHA512
17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

Download Submit
C:\Windows\Temp\PreVer.log

Filesize
2KB

MD5
cb14772c9a9b93f5524cb2f386765c4f

SHA1
3afa37e062f851e6f965f161b5e4e9f9591b6182

SHA256
740c308400dba58c9463853b186042a37b883adcf1a197794cd28b3cd5e1d08d

SHA512
4f7dec22cc4a44cebe22cbfbd75da4aa2e90eb9f3546206e2f4b1dfb6555396d58a3397267165340092b0730a4792e2873224eac70edca264b51648d4516e06b

Download Submit
C:\Windows\Temp\TarB32D.tmp

Filesize
81KB

MD5
b13f51572f55a2d31ed9f266d581e9ea

SHA1
7eef3111b878e159e520f34410ad87adecf0ca92

SHA256
725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

SHA512
f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

Download Submit
C:\Windows\Temp\{D75D9687-4F47-4803-B1FC-BD859538E466}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{D75D9687-4F47-4803-B1FC-BD859538E466}\.be\dotnet-runtime-6.0.13-win-x64.exe

Filesize
609KB

MD5
7fc7feff419ae763ddee6799c273f627

SHA1
95a73d59edd7bf46a188675c27dfc6706a978c8a

SHA256
d40e53e227fd65afd42c5178ea75737b6082763773a48fd4ce79a296c366a288

SHA512
f3514ceee0b72c00ebd13f28bb4db5e7db231153cb894cd04039857d30ff04ad6934c1ecc26c872af55951588b27f5a4e71139c479a659ea5516213ba0613f04

Download Submit
\Windows\Installer\MSI6CE9.tmp

Filesize
245KB

MD5
acf29f18088d57d255b2b5c859e6d844

SHA1
cb0260ff6e7dd2189677d1c2afc9d25cd0c6f208

SHA256
767b905a0af875fde991601e1ea86ce40af300e6054ea719cad02fe72df28fd8

SHA512
29fe0a4159a7aabb7886475824c5b23310863304a315cf59b5d6bf44c0dc2c4df36521c38ff97e5336a8c7dda63a3f1b0405b493985c3ee4f308693bed9f638b

Download Submit
\Windows\Installer\MSI6CE9.tmp

Filesize
245KB

MD5
acf29f18088d57d255b2b5c859e6d844

SHA1
cb0260ff6e7dd2189677d1c2afc9d25cd0c6f208

SHA256
767b905a0af875fde991601e1ea86ce40af300e6054ea719cad02fe72df28fd8

SHA512
29fe0a4159a7aabb7886475824c5b23310863304a315cf59b5d6bf44c0dc2c4df36521c38ff97e5336a8c7dda63a3f1b0405b493985c3ee4f308693bed9f638b

Download Submit
\Windows\Installer\MSI6CE9.tmp-\AlphaControlAgentInstallationDialog.dll

Filesize
6KB

MD5
23b4b8d7a19b6de1bf97308c084a31c6

SHA1
cf8ac83896cfc180fe2f1c3d5db67adb25860038

SHA256
5b47208bdd53b9d55efbb807063a783a992fb4aca3b7da15ac64f30930a4cbc0

SHA512
b1ca3006d9aa1c25efbd84eb67d18dd0b88fd23190e296d0b005364223ef057c18d0ae6253d987fbca3e675646654557e897c9a9e5b354fb5b76d42775480830

Download Submit
\Windows\Installer\MSI6CE9.tmp-\AlphaControlAgentInstallationDialog.dll

Filesize
6KB

MD5
23b4b8d7a19b6de1bf97308c084a31c6

SHA1
cf8ac83896cfc180fe2f1c3d5db67adb25860038

SHA256
5b47208bdd53b9d55efbb807063a783a992fb4aca3b7da15ac64f30930a4cbc0

SHA512
b1ca3006d9aa1c25efbd84eb67d18dd0b88fd23190e296d0b005364223ef057c18d0ae6253d987fbca3e675646654557e897c9a9e5b354fb5b76d42775480830

Download Submit
\Windows\Installer\MSI6CE9.tmp-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
\Windows\Installer\MSI6CE9.tmp-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
\Windows\Installer\MSI7A72.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
memory/972-1983-0x0000000000C60000-0x0000000000C70000-memory.dmp

Filesize
64KB

Download
memory/1508-134-0x0000000002180000-0x00000000021C0000-memory.dmp

Filesize
256KB

Download
memory/1508-132-0x0000000002180000-0x00000000021C0000-memory.dmp

Filesize
256KB

Download
memory/1508-127-0x0000000001DA0000-0x0000000001DCE000-memory.dmp

Filesize
184KB

Download
memory/1508-133-0x0000000002180000-0x00000000021C0000-memory.dmp

Filesize
256KB

Download
memory/1508-131-0x0000000001D10000-0x0000000001D18000-memory.dmp

Filesize
32KB

Download
memory/1528-2012-0x0000000000AF0000-0x0000000000B38000-memory.dmp

Filesize
288KB

Download
memory/1528-2001-0x00000000001B0000-0x00000000001CC000-memory.dmp

Filesize
112KB

Download
memory/1528-1992-0x0000000000030000-0x000000000008E000-memory.dmp

Filesize
376KB

Download
memory/1528-1997-0x0000000000650000-0x000000000069A000-memory.dmp

Filesize
296KB

Download
memory/1528-2008-0x00000000006A0000-0x00000000006F2000-memory.dmp

Filesize
328KB

Download
memory/1528-2015-0x00000000001F0000-0x00000000001F8000-memory.dmp

Filesize
32KB

Download
memory/1588-174-0x0000000002120000-0x00000000021B8000-memory.dmp

Filesize
608KB

Download
memory/1588-178-0x0000000000920000-0x00000000009A0000-memory.dmp

Filesize
512KB

Download
memory/1588-162-0x00000000009C0000-0x00000000009E6000-memory.dmp

Filesize
152KB

Download
memory/1720-223-0x000000001A790000-0x000000001A842000-memory.dmp

Filesize
712KB

Download
memory/1720-221-0x0000000019E80000-0x0000000019F00000-memory.dmp

Filesize
512KB

Download
memory/1720-498-0x0000000019E80000-0x0000000019F00000-memory.dmp

Filesize
512KB

Download
memory/1720-510-0x0000000000970000-0x00000000009A8000-memory.dmp

Filesize
224KB

Download
memory/2080-1784-0x00000000004F0000-0x0000000000508000-memory.dmp

Filesize
96KB

Download
memory/2080-1770-0x0000000001140000-0x000000000114A000-memory.dmp

Filesize
40KB

Download
memory/2080-1844-0x0000000000CE0000-0x0000000000D66000-memory.dmp

Filesize
536KB

Download
memory/2140-1889-0x0000000000120000-0x0000000000130000-memory.dmp

Filesize
64KB

Download
memory/2140-1890-0x0000000000980000-0x000000000099C000-memory.dmp

Filesize
112KB

Download
memory/2140-1953-0x00000000009A0000-0x0000000000A26000-memory.dmp

Filesize
536KB

Download
memory/2344-1776-0x0000000000BF0000-0x0000000000BFA000-memory.dmp

Filesize
40KB

Download
memory/2344-1783-0x0000000000B20000-0x0000000000BA6000-memory.dmp

Filesize
536KB

Download
memory/2344-1996-0x00000000004B0000-0x00000000004B8000-memory.dmp

Filesize
32KB

Download
memory/2344-1862-0x0000000019C00000-0x0000000019C80000-memory.dmp

Filesize
512KB

Download
memory/2536-1999-0x0000000019970000-0x00000000199F6000-memory.dmp

Filesize
536KB

Download
memory/2536-1985-0x0000000000A40000-0x0000000000A78000-memory.dmp

Filesize
224KB

Download
memory/2536-2018-0x0000000000D10000-0x0000000000D18000-memory.dmp

Filesize
32KB

Download
memory/2536-2016-0x0000000000A80000-0x0000000000A88000-memory.dmp

Filesize
32KB

Download
memory/2536-2013-0x00000000004C0000-0x00000000004CA000-memory.dmp

Filesize
40KB

Download
memory/2536-2011-0x0000000000470000-0x00000000004B8000-memory.dmp

Filesize
288KB

Download
memory/2560-1788-0x0000000000270000-0x0000000000280000-memory.dmp

Filesize
64KB

Download
memory/2560-1786-0x0000000000AC0000-0x0000000000B46000-memory.dmp

Filesize
536KB

Download
memory/2560-1755-0x0000000001050000-0x0000000001062000-memory.dmp

Filesize
72KB

Download
memory/2720-1866-0x0000000019D80000-0x0000000019E00000-memory.dmp

Filesize
512KB

Download
memory/2720-1794-0x0000000000370000-0x0000000000388000-memory.dmp

Filesize
96KB

Download
memory/2720-1792-0x0000000000A90000-0x0000000000B40000-memory.dmp

Filesize
704KB

Download
memory/2720-1777-0x0000000000B60000-0x0000000000B8C000-memory.dmp

Filesize
176KB

Download
memory/2736-2000-0x0000000000280000-0x000000000029C000-memory.dmp

Filesize
112KB

Download
memory/2736-1993-0x00000000009C0000-0x0000000000A0A000-memory.dmp

Filesize
296KB

Download
memory/2736-1989-0x0000000000820000-0x000000000082C000-memory.dmp

Filesize
48KB

Download
memory/2832-1858-0x0000000000560000-0x00000000005AA000-memory.dmp

Filesize
296KB

Download
memory/2832-2004-0x0000000019390000-0x0000000019410000-memory.dmp

Filesize
512KB

Download
memory/2832-2020-0x0000000019240000-0x000000001931C000-memory.dmp

Filesize
880KB

Download
memory/2832-1864-0x0000000000910000-0x0000000000922000-memory.dmp

Filesize
72KB

Download
memory/2832-1860-0x00000000005B0000-0x00000000005CA000-memory.dmp

Filesize
104KB

Download
memory/2832-1851-0x0000000000930000-0x000000000093E000-memory.dmp

Filesize
56KB

Download
memory/2896-2014-0x0000000000AD0000-0x0000000000AE8000-memory.dmp

Filesize
96KB

Download
memory/2896-1995-0x0000000000C70000-0x0000000000CA2000-memory.dmp

Filesize
200KB

Download
memory/2896-2019-0x0000000000B90000-0x0000000000BA2000-memory.dmp

Filesize
72KB

Download
memory/2896-2017-0x0000000000AF0000-0x0000000000AFA000-memory.dmp

Filesize
40KB

Download
memory/2896-2010-0x0000000000AB0000-0x0000000000ACA000-memory.dmp

Filesize
104KB

Download
memory/2896-2002-0x0000000000A60000-0x0000000000AAA000-memory.dmp

Filesize
296KB

Download
memory/2916-2005-0x0000000019220000-0x00000000192A0000-memory.dmp

Filesize
512KB

Download
memory/2916-1853-0x00000000000D0000-0x00000000000DE000-memory.dmp

Filesize
56KB

Download
memory/2916-1865-0x0000000000A60000-0x0000000000A7A000-memory.dmp

Filesize
104KB

Download
memory/2916-1876-0x0000000000C30000-0x0000000000CB6000-memory.dmp

Filesize
536KB

Download
memory/2928-1994-0x0000000000D30000-0x0000000000D42000-memory.dmp

Filesize
72KB

Download
memory/2928-2009-0x00000000004E0000-0x00000000004FC000-memory.dmp

Filesize
112KB

Download
memory/2928-2003-0x0000000000490000-0x00000000004DA000-memory.dmp

Filesize
296KB

Download