6f91d1278cf86d976c8800a6ae122e8154bb8d7fd71f975fb3894975d1ade18f

Analysis

max time kernel
80s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_madison_windows.msi
Size

2.6MB
MD5

60c20160ce9aaf007bab367ca7fc3a16
SHA1

21aba7bf178ff5df590e61a66e21b2241d8f1e57
SHA256

6f91d1278cf86d976c8800a6ae122e8154bb8d7fd71f975fb3894975d1ade18f
SHA512

108ee6d8db6456a637bc43181ecdbd98c5c48dcbf670cea4706f509c45a235afad7ca02c98b8a94673255e9af86f7cd0176ce156f6ba02cf3ea8b26cb625fab4
SSDEEP

49152:g51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:gPCMr2NMRmk/XeM9TEeRvx+ch/TlAr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
1676	AteraAgent.exe
1584	AteraAgent.exe
2080	AgentPackageAgentInformation.exe
2208	AgentPackageAgentInformation.exe
1936	AgentPackageMonitoring.exe
1996	AgentPackageSTRemote.exe
2464	AgentPackageProgramManagement.exe
3044	AgentPackageHeartbeat.exe
3024	AgentPackageUpgradeAgent.exe
1656	AgentPackageSystemTools.exe
920	Agent.Package.Availability.exe
2424	AgentPackageRuntimeInstaller.exe

Loads dropped DLL 11 IoCs

pid	Process
2408	MsiExec.exe
1108	rundll32.exe
1108	rundll32.exe
1108	rundll32.exe
1108	rundll32.exe
1108	rundll32.exe
2408	MsiExec.exe
780	MsiExec.exe
780	MsiExec.exe
1936	AgentPackageMonitoring.exe
1584	AteraAgent.exe

Blocklisted process makes network request 3 IoCs

flow	pid	Process
3	2140	msiexec.exe
5	2140	msiexec.exe
7	2140	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Drops file in System32 directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	AteraAgent.exe
File opened for modification	C:\Windows\system32\InstallUtil.InstallLog	AteraAgent.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe.config	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Threading.ThreadPool.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tools.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.ModelsV3.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Threading.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Xml.XmlSerializer.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.SecureString.dll	AteraAgent.exe
File opened for modification	C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.Utils.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Microsoft.ApplicationInsights.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Configuration.CommandLine.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TraceSource.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Diagnostics.DiagnosticSource.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe.config	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Newtonsoft.Json.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Logging.EventSource.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NetworkInformation.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.EventBasedAsync.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\information.cch	AgentPackageAgentInformation.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Queryable.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebHeaderCollection.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Collections.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Reflection.Primitives.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Memory.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Threading.Thread.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Memory.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\CommunityToolkit.WinUI.Notifications.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Logging.EventLog.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Primitives.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Buffers.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe.config	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\CommunityToolkit.WinUI.Notifications.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Logging.Abstractions.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Runtime.CompilerServices.VisualC.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Parallel.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Threading.Timer.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\NLog.config	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Diagnostics.Process.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Runtime.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.CompilerServices.Unsafe.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Newtonsoft.Json.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.IsolatedStorage.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Handles.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTray.exe.config	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Polly.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Security.Cryptography.Csp.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Dynamic.Runtime.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Logging.Debug.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Net.Requests.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.AppContext.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Runtime.Serialization.Formatters.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.MemoryMappedFiles.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe.config	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Runtime.CompilerServices.Unsafe.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Hosting.Abstractions.dll	AteraAgent.exe

Drops file in Windows directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI2F0E.tmp-\AlphaControlAgentInstallation.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI4000.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4020.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4226.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File created	C:\Windows\Installer\f772da6.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f772da5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2F0E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2F0E.tmp-\CustomAction.config	rundll32.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI40AE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f772da6.ipi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File created	C:\Windows\Installer\f772da5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2F0E.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI2F0E.tmp-\System.Management.dll	rundll32.exe
File created	C:\Windows\Installer\f772da8.msi	msiexec.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1688	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 1 IoCs

evasion

pid	Process
2016	TaskKill.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft	cscript.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	AgentPackageMonitoring.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	AgentPackageAgentInformation.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	AgentPackageAgentInformation.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	AteraAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	cscript.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	AgentPackageMonitoring.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	AteraAgent.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	AgentPackageMonitoring.exe

Modifies registry class 22 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\ProductName = "AteraAgent"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\PackageCode = "8461E24D8232BC14CB270C3BD27759E8"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\25F46F8180ECF4345A1FA7A8935DE9AE	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\SourceList\PackageName = "setup_madison_windows.msi"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\Version = "17301510"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\882A5F5CFF587524FA965D19E026865B	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\882A5F5CFF587524FA965D19E026865B\INSTALLFOLDER_files_Feature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\25F46F8180ECF4345A1FA7A8935DE9AE\882A5F5CFF587524FA965D19E026865B	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\882A5F5CFF587524FA965D19E026865B\SourceList\Media\1 = ";"	msiexec.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	AteraAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	AteraAgent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	AteraAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	AteraAgent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	AteraAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	AteraAgent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	AteraAgent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	AteraAgent.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
2076	msiexec.exe
2076	msiexec.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe
1584	AteraAgent.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2140	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2076	msiexec.exe
Token: SeTakeOwnershipPrivilege	2076	msiexec.exe
Token: SeSecurityPrivilege	2076	msiexec.exe
Token: SeCreateTokenPrivilege	2140	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2140	msiexec.exe
Token: SeLockMemoryPrivilege	2140	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2140	msiexec.exe
Token: SeMachineAccountPrivilege	2140	msiexec.exe
Token: SeTcbPrivilege	2140	msiexec.exe
Token: SeSecurityPrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeLoadDriverPrivilege	2140	msiexec.exe
Token: SeSystemProfilePrivilege	2140	msiexec.exe
Token: SeSystemtimePrivilege	2140	msiexec.exe
Token: SeProfSingleProcessPrivilege	2140	msiexec.exe
Token: SeIncBasePriorityPrivilege	2140	msiexec.exe
Token: SeCreatePagefilePrivilege	2140	msiexec.exe
Token: SeCreatePermanentPrivilege	2140	msiexec.exe
Token: SeBackupPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeShutdownPrivilege	2140	msiexec.exe
Token: SeDebugPrivilege	2140	msiexec.exe
Token: SeAuditPrivilege	2140	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2140	msiexec.exe
Token: SeChangeNotifyPrivilege	2140	msiexec.exe
Token: SeRemoteShutdownPrivilege	2140	msiexec.exe
Token: SeUndockPrivilege	2140	msiexec.exe
Token: SeSyncAgentPrivilege	2140	msiexec.exe
Token: SeEnableDelegationPrivilege	2140	msiexec.exe
Token: SeManageVolumePrivilege	2140	msiexec.exe
Token: SeImpersonatePrivilege	2140	msiexec.exe
Token: SeCreateGlobalPrivilege	2140	msiexec.exe
Token: SeBackupPrivilege	1076	vssvc.exe
Token: SeRestorePrivilege	1076	vssvc.exe
Token: SeAuditPrivilege	1076	vssvc.exe
Token: SeBackupPrivilege	2076	msiexec.exe
Token: SeRestorePrivilege	2076	msiexec.exe
Token: SeRestorePrivilege	2512	DrvInst.exe
Token: SeRestorePrivilege	2512	DrvInst.exe
Token: SeRestorePrivilege	2512	DrvInst.exe
Token: SeRestorePrivilege	2512	DrvInst.exe
Token: SeRestorePrivilege	2512	DrvInst.exe
Token: SeRestorePrivilege	2512	DrvInst.exe
Token: SeRestorePrivilege	2512	DrvInst.exe
Token: SeLoadDriverPrivilege	2512	DrvInst.exe
Token: SeLoadDriverPrivilege	2512	DrvInst.exe
Token: SeLoadDriverPrivilege	2512	DrvInst.exe
Token: SeRestorePrivilege	2076	msiexec.exe
Token: SeTakeOwnershipPrivilege	2076	msiexec.exe
Token: SeRestorePrivilege	2076	msiexec.exe
Token: SeTakeOwnershipPrivilege	2076	msiexec.exe
Token: SeRestorePrivilege	2076	msiexec.exe
Token: SeTakeOwnershipPrivilege	2076	msiexec.exe
Token: SeRestorePrivilege	2076	msiexec.exe
Token: SeTakeOwnershipPrivilege	2076	msiexec.exe
Token: SeRestorePrivilege	2076	msiexec.exe
Token: SeTakeOwnershipPrivilege	2076	msiexec.exe
Token: SeRestorePrivilege	2076	msiexec.exe
Token: SeTakeOwnershipPrivilege	2076	msiexec.exe
Token: SeRestorePrivilege	2076	msiexec.exe
Token: SeTakeOwnershipPrivilege	2076	msiexec.exe
Token: SeDebugPrivilege	2016	TaskKill.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2140	msiexec.exe
2140	msiexec.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2408	2076	msiexec.exe	34
PID 2076 wrote to memory of 2408	2076	msiexec.exe	34
PID 2076 wrote to memory of 2408	2076	msiexec.exe	34
PID 2076 wrote to memory of 2408	2076	msiexec.exe	34
PID 2076 wrote to memory of 2408	2076	msiexec.exe	34
PID 2076 wrote to memory of 2408	2076	msiexec.exe	34
PID 2076 wrote to memory of 2408	2076	msiexec.exe	34
PID 2408 wrote to memory of 1108	2408	MsiExec.exe	35
PID 2408 wrote to memory of 1108	2408	MsiExec.exe	35
PID 2408 wrote to memory of 1108	2408	MsiExec.exe	35
PID 2408 wrote to memory of 1108	2408	MsiExec.exe	35
PID 2408 wrote to memory of 1108	2408	MsiExec.exe	35
PID 2408 wrote to memory of 1108	2408	MsiExec.exe	35
PID 2408 wrote to memory of 1108	2408	MsiExec.exe	35
PID 2076 wrote to memory of 780	2076	msiexec.exe	37
PID 2076 wrote to memory of 780	2076	msiexec.exe	37
PID 2076 wrote to memory of 780	2076	msiexec.exe	37
PID 2076 wrote to memory of 780	2076	msiexec.exe	37
PID 2076 wrote to memory of 780	2076	msiexec.exe	37
PID 2076 wrote to memory of 780	2076	msiexec.exe	37
PID 2076 wrote to memory of 780	2076	msiexec.exe	37
PID 780 wrote to memory of 2348	780	MsiExec.exe	38
PID 780 wrote to memory of 2348	780	MsiExec.exe	38
PID 780 wrote to memory of 2348	780	MsiExec.exe	38
PID 780 wrote to memory of 2348	780	MsiExec.exe	38
PID 2348 wrote to memory of 1232	2348	NET.exe	40
PID 2348 wrote to memory of 1232	2348	NET.exe	40
PID 2348 wrote to memory of 1232	2348	NET.exe	40
PID 2348 wrote to memory of 1232	2348	NET.exe	40
PID 780 wrote to memory of 2016	780	MsiExec.exe	41
PID 780 wrote to memory of 2016	780	MsiExec.exe	41
PID 780 wrote to memory of 2016	780	MsiExec.exe	41
PID 780 wrote to memory of 2016	780	MsiExec.exe	41
PID 2076 wrote to memory of 1676	2076	msiexec.exe	43
PID 2076 wrote to memory of 1676	2076	msiexec.exe	43
PID 2076 wrote to memory of 1676	2076	msiexec.exe	43
PID 1584 wrote to memory of 1688	1584	AteraAgent.exe	46
PID 1584 wrote to memory of 1688	1584	AteraAgent.exe	46
PID 1584 wrote to memory of 1688	1584	AteraAgent.exe	46
PID 1584 wrote to memory of 2080	1584	AteraAgent.exe	47
PID 1584 wrote to memory of 2080	1584	AteraAgent.exe	47
PID 1584 wrote to memory of 2080	1584	AteraAgent.exe	47
PID 1584 wrote to memory of 2208	1584	AteraAgent.exe	49
PID 1584 wrote to memory of 2208	1584	AteraAgent.exe	49
PID 1584 wrote to memory of 2208	1584	AteraAgent.exe	49
PID 1584 wrote to memory of 1936	1584	AteraAgent.exe	51
PID 1584 wrote to memory of 1936	1584	AteraAgent.exe	51
PID 1584 wrote to memory of 1936	1584	AteraAgent.exe	51
PID 2208 wrote to memory of 2688	2208	AgentPackageAgentInformation.exe	53
PID 2208 wrote to memory of 2688	2208	AgentPackageAgentInformation.exe	53
PID 2208 wrote to memory of 2688	2208	AgentPackageAgentInformation.exe	53
PID 2688 wrote to memory of 1552	2688	cmd.exe	55
PID 2688 wrote to memory of 1552	2688	cmd.exe	55
PID 2688 wrote to memory of 1552	2688	cmd.exe	55
PID 1584 wrote to memory of 1996	1584	AteraAgent.exe	59
PID 1584 wrote to memory of 1996	1584	AteraAgent.exe	59
PID 1584 wrote to memory of 1996	1584	AteraAgent.exe	59
PID 1584 wrote to memory of 2464	1584	AteraAgent.exe	61
PID 1584 wrote to memory of 2464	1584	AteraAgent.exe	61
PID 1584 wrote to memory of 2464	1584	AteraAgent.exe	61
PID 1584 wrote to memory of 3044	1584	AteraAgent.exe	62
PID 1584 wrote to memory of 3044	1584	AteraAgent.exe	62
PID 1584 wrote to memory of 3044	1584	AteraAgent.exe	62
PID 1584 wrote to memory of 3024	1584	AteraAgent.exe	65

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\setup_madison_windows.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2140

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 56B629EDA0F5AD1CDBF3246EF1C0D9C1
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2408
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSI2F0E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259469957 1 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
    3⤵
    - Loads dropped DLL
    - Drops file in Windows directory
    PID:1108
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E9D06024863C4E17A74C27C17AB2D0D9 M Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:780
- - C:\Windows\syswow64\NET.exe
    "NET" STOP AteraAgent
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2348
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 STOP AteraAgent
      4⤵
      PID:1232
- - C:\Windows\syswow64\TaskKill.exe
    "TaskKill.exe" /f /im AteraAgent.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2016
- C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="33" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="0013z00002TrmjNAAR"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:1676
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 89A1035CC42744275152D0514DFC22FC M Global\MSI0000
  2⤵
  PID:1792

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1076

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000002AC" "00000000000003B8"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2512

C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\System32\sc.exe
  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
  2⤵
  - Launches sc.exe
  PID:1688
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "5c9b426e-69fd-4acb-9788-1dc4e5f9f481" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification"
  2⤵
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  PID:2080
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "4aec2753-0810-4c23-8e71-f70df07ddea2" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies data under HKEY_USERS
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office14\ospp.vbs" /dstatus
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Windows\system32\cscript.exe
      cscript "C:\Program Files (x86)\Microsoft Office\Office14\ospp.vbs" /dstatus
      4⤵
      Modifies data under HKEY_USERS
      PID:1552
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "4cbc0f5f-41a3-47f1-8f8c-f80eaac68a86" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  PID:1936
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "207149e8-9def-415e-a0e1-8df27d4e4e1d" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded"
  2⤵
  - Executes dropped EXE
  PID:1996
- - C:\Windows\TEMP\SplashtopStreamer.exe
    "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
    3⤵
    PID:1688
  - - C:\Windows\Temp\unpack\PreVerCheck.exe
      "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
      4⤵
      PID:2280
    - - C:\Windows\SysWOW64\msiexec.exe
        
        msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
        5⤵
        
        PID:2032
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "64a8b878-a426-4472-b5f3-7538ff0d8902" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps"
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "03035f63-7b59-4e50-aabc-898691244cff" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat"
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "92de0bf9-7b5b-4caf-ad3c-44a76c93034d" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates"
  2⤵
  - Executes dropped EXE
  PID:3024
- - C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
    "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "d0094917-189f-4795-bd06-a06e2e2b51ea" "92de0bf9-7b5b-4caf-ad3c-44a76c93034d" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates"
    3⤵
    PID:1516
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "aee671ad-53f5-4f03-a162-9c409a422769" agent-api.atera.com/Production 443 or8ixLi90Mf "connect"
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "07743469-81ae-4332-82b9-6807305a3101" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiNi4wLjEzIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2FhM2IzMTUwLTgwY2ItNGQzMC04N2Y4LWRjMzZmYTFkY2YyNi84ZWM5ZmY2ODM2ODI4MTc1ZjFhNmE2MGFlZmQ0ZTYzYi9kb3RuZXQtcnVudGltZS02LjAuMTMtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8yZWYxMjM1Ny00OTliLTRhNWItYTQ4OC1kYTQ1YTVmMzEwZTYvZmJlMzVjMzU0YmZiNTA5MzRhOTc2ZmM5MWM2ZDhkODEvZG90bmV0LXJ1bnRpbWUtNi4wLjEzLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzVmZTE3M2VhLTRjNTgtNGE4ZC1iOGU1LTVjN2VhN2M1OTAxMS9hMTkzNmUxMjM5ZTU5ZGM0ZGY1OGExYmMzZGI1MjdjMy9kb3RuZXQtcnVudGltZS02LjAuMTMtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci80MzZiY2U2YS1mM2U3LTQ0OGUtOTI3OS1kNThmMWUzOWFiOGEvOWY1YzdlZDM3NzI5NGNjOGUwMjhlOTAwNTQwNjMyZDUvZG90bmV0LXJ1bnRpbWUtNi4wLjEzLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzVmMDk1Y2JiLWFmNmMtNGQyMC05MDlkLTg3ZGI1Mzg3OTM3MC9kNGM2ZjM4MGE5YTY4ZmM4NTNiZDg5MTE4OWYzYzk3NS9kb3RuZXQtcnVudGltZS02LjAuMTMtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6IlM1WTRyU0syVmtpbWcyd01pSEVGZUI2N2U5YTBIZG9ocE13TkZ1TEVJTGpXaVNQVnpYXHUwMDJCSjNPUFJ5aUVZQmlmdkZcdTAwMkI0bnN4aTVcdTAwMkJzSG4wMGN0cU13UTZBPT0iLCJNYWNYNjRDaGVja3N1bSI6IjRqSVl1dGhzTDU4dnV0cWlkZHNGMk1pQ3NcdTAwMkJBRTBUN2FWMVgwXHUwMDJCMk1FWFNSQ0xXdGdqM0x0MklldmVxZ2l1UUVsU2VxNVF1TGJybkRjSHBRbEVpd0N3QT09IiwiV2luQVJNQ2hlY2tzdW0iOiJkLzBlWkR4L0VTSE92dUM1RURKdU4yOTFqckllYnVKTXdjdUxsV2RLOGp0Ym1kbVNYUGNhVzBpOFx1MDAyQk9kdGJwcC9SaG9TMXk3SC9mOVlTTWd6aFVPY3NBPT0iLCJXaW5YNjRDaGVja3N1bSI6InNQdmlCM3VQQVpXRG53YVZoM3YwVEpjYWRUMmNLa0d0MXVNQUM5YzBwTXNNYnduZ01IUkN3ZmxjZTlxUWNjSzJNXHUwMDJCb1BSM2t6NVpNZmh1MlA1SmdvVWc9PSIsIldpblg4NkNoZWNrc3VtIjoicTE2UjdyUzZpcjR3RW1YMTZIQVJhUThtWDByNDNhek9IODZKOXpISkNpVzlmWklhS2VYL1hvbUJrQ2xocXZxSzhIeDVuNTA2R0k4MTBPakRmbG50Y3c9PSIsIldvcmtzcGFjZUlkIjoiYmYwY2U0OWQtNzdjZi00NzIxLWJmNzAtNTc2ODYzODNjOWFiIiwiTG9nTmFtZSI6IkRvdE5ldFJ1bnRpbWVJbnN0YWxsYXRpb25SZXBvcnQiLCJTaGFyZWRLZXkiOiJqVUlTL1Q5Q1JWRGVLeFlnNFVyM2FDaGhXUXVjWTdQVnZ3ZzB6SHVxSnNjclRqalEyTHdLNlVqZnU3Y0EyTnByQVIwci9TUkFYSllZbGRQS0tGeUtLUT09In0="
  2⤵
  - Executes dropped EXE
  PID:2424
- - C:\Windows\system32\cmd.exe
    "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
    3⤵
    PID:1012
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "f2619c40-bc40-45db-8b9b-d5bcd07fcd10" agent-api.atera.com/Production 443 or8ixLi90Mf "probe"
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "d21d06a6-7003-4b8b-8bf7-c28262af509f" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision"
  2⤵
  PID:860
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "1dfffa8c-5f35-4c44-b3be-a435240ac40d" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll"
  2⤵
  PID:1460
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "ad322d6e-c13c-4b71-9f3c-0809514bf481" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjpudWxsfQ=="
  2⤵
  PID:2916
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "44b5ba03-5ed2-40f2-80d0-212c1191f2c8" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain"
  2⤵
  PID:2412
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "264ea2aa-7058-40d3-bc7c-d0a98a04f586" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates"
  2⤵
  PID:2332
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "13c3dc8b-11b0-4d05-b6b6-6de3e8279429" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor"
  2⤵
  PID:2268
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "03035f63-7b59-4e50-aabc-898691244cff" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat"
  2⤵
  PID:2368
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" d0094917-189f-4795-bd06-a06e2e2b51ea "aee671ad-53f5-4f03-a162-9c409a422769" agent-api.atera.com/Production 443 or8ixLi90Mf "connect"
  2⤵
  PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f772da7.rbs

Filesize
8KB

MD5
a85e2fe39ff3275311d11b523edd33ae

SHA1
9bd52a89b56f3f1e90e4225857a93d30cbcb5200

SHA256
f4248cdd1a84ec7df0dc8fa28e7a14adfe8039b8f2cdb496e3baaa624facc14e

SHA512
06546acaf027376a4171eac2d928fd1ea00884ecb05377933824d7121d081a39edfc8633f372bc0da63dd77375c9da0187d978221d7da3d3352ecd19eacb7fb6

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog

Filesize
753B

MD5
8298451e4dee214334dd2e22b8996bdc

SHA1
bc429029cc6b42c59c417773ea5df8ae54dbb971

SHA256
6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

SHA512
cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Filesize
140KB

MD5
2899046a979bf463b612b5a80defe438

SHA1
21feaa6f3fbb1afa7096c155d6b1908abf4ea3b9

SHA256
486b2c2b0ca934ab63a9cf9f4b660768ad34c8df85e6f070aec0b6a63f09b0d8

SHA512
8c60eb0d9e82326543f2fbcd08783e041a7f5598723666b1c9ea5df7808d0c4947e8e64c2dcd46331bc3dbc38c6ec8b85ed2fcc5b97eaf0465ea624167829368

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Filesize
140KB

MD5
2899046a979bf463b612b5a80defe438

SHA1
21feaa6f3fbb1afa7096c155d6b1908abf4ea3b9

SHA256
486b2c2b0ca934ab63a9cf9f4b660768ad34c8df85e6f070aec0b6a63f09b0d8

SHA512
8c60eb0d9e82326543f2fbcd08783e041a7f5598723666b1c9ea5df7808d0c4947e8e64c2dcd46331bc3dbc38c6ec8b85ed2fcc5b97eaf0465ea624167829368

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Filesize
140KB

MD5
2899046a979bf463b612b5a80defe438

SHA1
21feaa6f3fbb1afa7096c155d6b1908abf4ea3b9

SHA256
486b2c2b0ca934ab63a9cf9f4b660768ad34c8df85e6f070aec0b6a63f09b0d8

SHA512
8c60eb0d9e82326543f2fbcd08783e041a7f5598723666b1c9ea5df7808d0c4947e8e64c2dcd46331bc3dbc38c6ec8b85ed2fcc5b97eaf0465ea624167829368

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config

Filesize
1KB

MD5
b3bb71f9bb4de4236c26578a8fae2dcd

SHA1
1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

SHA256
e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

SHA512
fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll

Filesize
209KB

MD5
a41c23558b3c07f8c749844bb553d545

SHA1
8473013cf5f2be8158c13f1056675d1cbd10586f

SHA256
a6193fc0a09ad7145fe38494bcf67fecbc10c07a5f3936e419895b018e85a766

SHA512
5930f14f3be4aed70a1ff93dbb75022c2d947a0a2344031992167d72192e0a51d207fc2255cb0ca1fb21b20b1277a528bbf739bbdf8676f7a0786efd132b436f

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll

Filesize
693KB

MD5
64e122b28a1e548c1cca376e32cdd248

SHA1
4506de40b8422c9be58333f35325a86674ca650c

SHA256
0ee2dd095b1cc4c3cda44a237a188e16c8614c107ad9d37ad8a581473ad42215

SHA512
36fc7dd056303822b23f9173b43522dee23431a419bdbae43a850e87f37b936b34ed2ef5013997d6d8b59d74627d55b0cc622da751d3ed828c850c7982a0d8fa

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe

Filesize
154KB

MD5
e3ca6ba742fba06522ab0fe063c620de

SHA1
58f1e87ae1ac14cf043c1af4c21d00e4197c712b

SHA256
f03771bab23cb012beb6bce3618a45fa6d06e3783a67f5f78bf0d9f41a198079

SHA512
2de5d08a4a33c03f828244705e4dd25a39d7d56a82c5fb1e5512d10d133d30a6cfeb2dde182f13288e5e0bcab181d9b4636d65db2cf1cc54c834080af0348bcc

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe

Filesize
46KB

MD5
1b692438393f8223bf90256abb3587d0

SHA1
5fd99d9db4757224da3fb8a8cac9d1f1632c47a8

SHA256
8296ecf5e781a1b6889ee7f278a31acdb70897f2d862a7b53e58a4edb34d71a6

SHA512
6d98fc4da030b884bf3b7fed9d7e026f8210b38cc1e4f96d36bd85067de6dd9286f0e8ac3715a187b595a8f7ae709fc19daa572ff83bc26802287292f8503bd7

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI

Filesize
12B

MD5
d8f9f68980c4da708195fa812519ad2f

SHA1
8f0066a77634e4108c20e226a5c6ba712e5a7fed

SHA256
dd8a6863451545d7ed0bab6e0e279968b2c0541c20b0a4ce7ab3054f03c54cf6

SHA512
7d3d15d3885ab1058efed06cb05dc8e713e71a3b70f3fb380657e802c362f222f23c44dc36af14089cf2c8a323a3ac07a172c1d8bb72de80eab78a66ef71e068

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

Filesize
161KB

MD5
cdd68c74f07104e58c977bf652d0f26c

SHA1
af9da361479c19f9f943bf786f945f386f770032

SHA256
0a1e649d900d89ca206b946b28d111d0abb3db3e2f17c1913d5918fa21ebd7f7

SHA512
2d135a12f8325e1db334172c4c6e8f05d9a03b94a2eee72f8ee09dabd07a9c7eb173de176725be2ba0beac52b5895d7901a38649d92da3edc82a7da4430d79c9

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

Filesize
161KB

MD5
cdd68c74f07104e58c977bf652d0f26c

SHA1
af9da361479c19f9f943bf786f945f386f770032

SHA256
0a1e649d900d89ca206b946b28d111d0abb3db3e2f17c1913d5918fa21ebd7f7

SHA512
2d135a12f8325e1db334172c4c6e8f05d9a03b94a2eee72f8ee09dabd07a9c7eb173de176725be2ba0beac52b5895d7901a38649d92da3edc82a7da4430d79c9

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

Filesize
161KB

MD5
cdd68c74f07104e58c977bf652d0f26c

SHA1
af9da361479c19f9f943bf786f945f386f770032

SHA256
0a1e649d900d89ca206b946b28d111d0abb3db3e2f17c1913d5918fa21ebd7f7

SHA512
2d135a12f8325e1db334172c4c6e8f05d9a03b94a2eee72f8ee09dabd07a9c7eb173de176725be2ba0beac52b5895d7901a38649d92da3edc82a7da4430d79c9

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

Filesize
161KB

MD5
cdd68c74f07104e58c977bf652d0f26c

SHA1
af9da361479c19f9f943bf786f945f386f770032

SHA256
0a1e649d900d89ca206b946b28d111d0abb3db3e2f17c1913d5918fa21ebd7f7

SHA512
2d135a12f8325e1db334172c4c6e8f05d9a03b94a2eee72f8ee09dabd07a9c7eb173de176725be2ba0beac52b5895d7901a38649d92da3edc82a7da4430d79c9

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config

Filesize
546B

MD5
158fb7d9323c6ce69d4fce11486a40a1

SHA1
29ab26f5728f6ba6f0e5636bf47149bd9851f532

SHA256
5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

SHA512
7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll

Filesize
94KB

MD5
aa3bcb58a6c8dd0839e6b803ba1087b9

SHA1
0198a9c644d74712c34a3a67f460a02d77005321

SHA256
8dca6c1eb1557365e065931c992de88b075b4931fa574e8f1db5805e3a03388b

SHA512
620adc1a4cf614664975a8d778efd7cabdb1feb0df0074be8c182888f12d61918c8e7521735a624a5aec97f02ec973125cd5de7e03a02e15c8b87884ba4a70a1

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll

Filesize
687KB

MD5
0e7f80a7f2777f811f5bf04633ca1fd1

SHA1
8d767ef46f230a99a4d59c943eb88b5b02d4cf43

SHA256
f8054be7979b255589590fa0497e242b6294752a85795c8ee775835ef22f7a18

SHA512
d19d50879cfaa0a524be1359372014f67e4f1670e9443f393082fa5fc9c0a20d4d85d812641813b621ac3489ea07a86faf0d7e317e2cbd0fb42ddebc568a9e9e

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe

Filesize
25KB

MD5
fd9e8a53114dba71999e09386fb6ff83

SHA1
8b24a77a7f8cb1070a8207ff9abb9b8b7fe8a679

SHA256
4a7d1e7fac5578c585f0d5598f37245bf8288ca654f4d8bfe9935376256b3dbe

SHA512
4412e7b8feafbc140a74ff431557e4755fb5a0da15de85666e58a414f378d13a9a23f7e84f7167663e00d95cedddea425af96f63be0a13dec8bc704f71fa7d0b

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe

Filesize
25KB

MD5
fd9e8a53114dba71999e09386fb6ff83

SHA1
8b24a77a7f8cb1070a8207ff9abb9b8b7fe8a679

SHA256
4a7d1e7fac5578c585f0d5598f37245bf8288ca654f4d8bfe9935376256b3dbe

SHA512
4412e7b8feafbc140a74ff431557e4755fb5a0da15de85666e58a414f378d13a9a23f7e84f7167663e00d95cedddea425af96f63be0a13dec8bc704f71fa7d0b

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe

Filesize
25KB

MD5
fd9e8a53114dba71999e09386fb6ff83

SHA1
8b24a77a7f8cb1070a8207ff9abb9b8b7fe8a679

SHA256
4a7d1e7fac5578c585f0d5598f37245bf8288ca654f4d8bfe9935376256b3dbe

SHA512
4412e7b8feafbc140a74ff431557e4755fb5a0da15de85666e58a414f378d13a9a23f7e84f7167663e00d95cedddea425af96f63be0a13dec8bc704f71fa7d0b

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe.config

Filesize
187B

MD5
3f9b7c50015ca8be5ec84127bb37e2cb

SHA1
07fa0b2f00ba82a440bfeacafd8b0b8d1b3e4ee7

SHA256
c66e1ba36e874342cd570cf5bdd3d8b73864a4c9e9d802398be7f46fe39a8532

SHA512
db5713dda4ecac0a1201add7d5d1a55bdbfc9e373b2277661869f7de9e8ba593f44bdafa6c8dbeba09df158b2dfdd1875c26c047f50597185f1f2f5612fc87b9

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe

Filesize
212KB

MD5
e984f3c76408989e897cd4068ed5b7d1

SHA1
4318e3da5a0b29afd848f51223612720844475e9

SHA256
934c361171019fa200b2687de918dc842eb4967f76a5055e17352158f0d6ce17

SHA512
811b51b2deb2b5ce8fb8e49cc82e3625c6508c94773273e27b5385e86ec5317fad1f42bb1753c104d125ed647461e9d9902d5648ed64e4199f1c3839b6117ddd

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe

Filesize
31KB

MD5
5c33b399551c1ff47d5486c6556121bb

SHA1
74d49780496b0ed524442aa95f6eb69bc83ded18

SHA256
aad2956ff675d736d2d98f79aefe3f5fab742846a7f7eac0b796dbab69acd3b9

SHA512
6f9c4fa63fb157248a1483869e2c4fd071926a08b396df163db6d53f637c1a0dcb7e4c1315f3bafa438f75a08084ca8cfd7d5fb485316b19eede00814393e74c

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.INI

Filesize
12B

MD5
2ac603632d63084b620ed0d20b9644e4

SHA1
512f4351b0dd00cf8c42b092bd5831ab518e0a04

SHA256
2aa0848587e15d854e70a79fcc4fb53cdef784d01ae5f4bb469bc03a68adbae5

SHA512
7cb05c224dce8254d8d44ef4f4597dcc420fc2515f167a0fd208fe2be2579fd8b9f4837edcd419d0b874f686f39767fb51c44d6b25e94f91ecc185891f6ca878

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Filesize
398KB

MD5
afc3ae9a606716f85a6ed31ffaf1ae60

SHA1
c5e334c0f2d3e1abe5759a3108b0c437ff90d632

SHA256
707240901c7399eb1c849f3e36c6d2056df33a3d7f846c748320d629c44e7b61

SHA512
400e28455d31eddd1b4baca9c5ccb754e5596b7937b06447360438fb1eb07322d4dbdda893c259411f138249cc3454ac20e076791231200a25dbe35bc0d802bd

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Filesize
398KB

MD5
afc3ae9a606716f85a6ed31ffaf1ae60

SHA1
c5e334c0f2d3e1abe5759a3108b0c437ff90d632

SHA256
707240901c7399eb1c849f3e36c6d2056df33a3d7f846c748320d629c44e7b61

SHA512
400e28455d31eddd1b4baca9c5ccb754e5596b7937b06447360438fb1eb07322d4dbdda893c259411f138249cc3454ac20e076791231200a25dbe35bc0d802bd

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Filesize
398KB

MD5
afc3ae9a606716f85a6ed31ffaf1ae60

SHA1
c5e334c0f2d3e1abe5759a3108b0c437ff90d632

SHA256
707240901c7399eb1c849f3e36c6d2056df33a3d7f846c748320d629c44e7b61

SHA512
400e28455d31eddd1b4baca9c5ccb754e5596b7937b06447360438fb1eb07322d4dbdda893c259411f138249cc3454ac20e076791231200a25dbe35bc0d802bd

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe.config

Filesize
1KB

MD5
c6ecf24757926eba64e674bff8b747d1

SHA1
3a46083826c20e8e085c42bbfdfeef4f9e2b90d9

SHA256
c3ec04142c15b0a237e72ce1c3c85d19cd1231b9824f7a9854e7909a74b7becc

SHA512
efabb9883adb098a90115e8938c92b76bbb8d2eb5de170ecfa205ee949a2d722e0f97f6e01f9a71ac8b5fa2108b9ff82fa0171759d50e30d0ab5fc1948bdce15

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll

Filesize
92KB

MD5
e8aec68514a9da7c4f45e9c6923fee16

SHA1
8c7064c90455939d28d964f55226115f9c469d46

SHA256
8f898d59d3bac46f9fecc64be8cbe5c95c20a83b5b0650dac4d11d5ce280c566

SHA512
2854e5619018413a922f2788a5c9b9dc040de39b82bf5e07ae20d542fee881f0b899a49f1d67fcb22fb24e8e94501fa94fb0d96c3f3048ff69da093a4a6b1193

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll

Filesize
151KB

MD5
8374648179aac70c96d2687dab10251b

SHA1
b219d48d19b564acb40b3b3e89abf95bd18539b2

SHA256
4dbc5f7d8d55730f56d8cf511744c759f585166bc37443b38a06933b6b316425

SHA512
bc66282ee7c148288f8e1c499a3b348f3b53afd190bedbf0be1d90866c8273c609f6ef6c5f15bd82fdac7f2387ef85f5e441730626ccf1ecd9e056997a122829

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\LiteDB.dll

Filesize
484KB

MD5
8e2e3aa42a0118fbf137cca90138674d

SHA1
9aa8295c40263f5c83d49d26e22b6d91dee2841a

SHA256
30068aa5ac74f2b52321ce1bced62d57c4626364795868c79fef0cce80a4f892

SHA512
13dc084cb712537b77baef7ced5dbca070479bf494ab622ed3cc693bc8a36a4392ace0e7c7dcdb6dfdf0ad923ab895c64b002a27de5fcabb56fa4b76190fa6c2

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll

Filesize
862KB

MD5
98012e051dc0be69a36b09015194c9d9

SHA1
2198595169a6eb5229369b80cf6744595597904c

SHA256
9ad3a0da80975de4b9910000d5a3ed6c3e6d5f093e1b0abb3abc4ad6a6b11277

SHA512
e2dd224caec0aea4eb1d1013e88e1d2b9580e9486cd66931daa7b53ddd8ed552c7968224dec9516fc0dc1f0c2c4e5a86fb211c727f8be91b1dafccfa6bb4be01

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll

Filesize
693KB

MD5
a3eec40b8c60fc340af128694a295a25

SHA1
d1831616f92f2764c91e4616af376b2ccf7f3305

SHA256
b0096d572a48181b11b581f661f39494c62aa70ec1b19204e8aaea78a6505b0b

SHA512
bc0acc2da7b3da7df6ec48677ce7fa0135f8ef85533160284fb353dc6baefad086c761c91cabd6382075f62590a07d4daa22400f45bed1dc78e0343e678d51d1

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll

Filesize
286KB

MD5
9af0c528119c170fbfa6524412f9c92a

SHA1
728953f0b47702132625f9d9dcd2ef44151a5f1d

SHA256
2fb6b43181e2198d2ebe9a7aa7e74efb3a73a854912178f67bd7c4097aaec961

SHA512
4628b2bf878c82f3948f05904aee9808151383696642b8259e3e95b4f82db034c42cb8e647f27987e537c91024fa0e3263529d6ac5e783ca24b89bd9faa03760

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll

Filesize
270KB

MD5
9e0e2757020e2c97e432f8af43d6892c

SHA1
0cf64f560df99680dc1fef13e89eda83382d3987

SHA256
fdac3ba71e775db0d3bcfcb60e30c3d9a698dcd456c41dfa2131cc21002f2bb0

SHA512
7cdbe49638278e4681133381d0c9d6feff606fdf2151ff53e99e19965386686b3431f5d2086aa8ae688be9787bf1e1eeeee7d08e2070ac09a318f8b790f0b1fc

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll

Filesize
277KB

MD5
af5167da2d151444a04c92006f10cab5

SHA1
8b5ff7524f2552521651719187220cbb19f26f8e

SHA256
2fd46dc44f2ec231f1d6a658e606b69466cc0c864e169cbba2456ab2d90b4b06

SHA512
23e190e24494b19ea452989431ca32f1962cb8391ba0c2515ef279c7377f34ed70d7fe2a98f924bd03b75ea6acf873db92160d5afeaf2ddf3e1209c3e3552576

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll

Filesize
399KB

MD5
2c000d3f0d4fd7d2eddf2353a0d8cde4

SHA1
72aa05192d7f178d930fef81f1fcc983b5bca557

SHA256
1cc902827c6c062ed94931affc177174a084e607be331f4cc8ad4ce30d62c393

SHA512
2ae85b3bb23733f0ed68cae7247b1503db175d6bf67bc72a3edcf730c1d0a0c478006be3f30b8febbac78063f6c4a616df90491912e5780c77393ef6baa63449

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x64\SQLite.Interop.dll

Filesize
1.7MB

MD5
1114cce4371541b5efa3152cb5cb5bc5

SHA1
8187bd09fd7826e5e4ffe570131b86104beef912

SHA256
d12baff5f0e7d1fb0b3f956ff17d5d1f281f7ca6c45b3195280ad09389b0a35d

SHA512
45d8128eee8cdfb4586285116083480ff66de81f23f69823655006b904647aae15da40ce31be8118e27c72c14aa4a9de512ccfcd09a0572423e8433fa74e4ed7

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe

Filesize
188KB

MD5
7122a8acddee274f03e8eff915953eae

SHA1
5be51b43c1e59459707486e4eac0668acd603420

SHA256
d534b2ad9791b4ba80141398e7aa4d0e85c4f7fa72c580ab46f096985403ddaf

SHA512
b2ab136f1cded923c70019febe1ef37386e2bbaf175d6138589375dffea11f96391e1127970ed37be83376e4936c45b66a3cfc08be5b0d704c5078c88e241bbe

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.INI

Filesize
12B

MD5
1e7f47bc15b23c7ecf9e885ef67038f7

SHA1
5c79a779f9705f1549bc5431630a3517360430a8

SHA256
fa5ef118370c40b28cf76bac7b1509b28f3fe172449ee110ae69a88b9c675c9d

SHA512
d68aef4ab7c86455e1c0e0e1497d4063b5167ccca942e07865b280fe17bc96e04e9051c1054037a557de597e21e2d2581acb35541d863f0edff533c930d2ce07

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe

Filesize
47KB

MD5
bd468d5f91fe98ce84710a0750676064

SHA1
e213c1ee6041f6523727b3ad2449aac603f65595

SHA256
8f1069fd3fcbe1f9abcac5667a0d2099ec79a7a611ac74e09d687aecb18e07b5

SHA512
cd6c484d71d3f6f4a92ca85d4c26ed71f861d26fd3b5bd700e596833f80705ffde03d4d9b247634ebfd56d4ccc84f374c9ff4ae2beaa216642f15e1a702b9e63

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe

Filesize
47KB

MD5
bd468d5f91fe98ce84710a0750676064

SHA1
e213c1ee6041f6523727b3ad2449aac603f65595

SHA256
8f1069fd3fcbe1f9abcac5667a0d2099ec79a7a611ac74e09d687aecb18e07b5

SHA512
cd6c484d71d3f6f4a92ca85d4c26ed71f861d26fd3b5bd700e596833f80705ffde03d4d9b247634ebfd56d4ccc84f374c9ff4ae2beaa216642f15e1a702b9e63

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe

Filesize
47KB

MD5
bd468d5f91fe98ce84710a0750676064

SHA1
e213c1ee6041f6523727b3ad2449aac603f65595

SHA256
8f1069fd3fcbe1f9abcac5667a0d2099ec79a7a611ac74e09d687aecb18e07b5

SHA512
cd6c484d71d3f6f4a92ca85d4c26ed71f861d26fd3b5bd700e596833f80705ffde03d4d9b247634ebfd56d4ccc84f374c9ff4ae2beaa216642f15e1a702b9e63

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe.config

Filesize
776B

MD5
336caa70d9ef388edf8b234e5fc40cee

SHA1
864ccb7643fc99313e5acbeb59d608cd179e01bb

SHA256
9bb07566c5ceaf46cfc1164a63553bb3c00ad8a04138211c6eba81b60f4fe355

SHA512
eb037ff55c7d61a4170a9143b7ba40cc43ddbc9e8df673d7af03548c27c4410f53a5cdfafe8942559b9e5061419512f3c8faa5a6d32ed147dd33f832cf43e637

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\ThirdPartyPackageManager.dll

Filesize
47KB

MD5
5b0b64a2e4dbb0da2a64372d1f487b6a

SHA1
5e54a79f74efc58fbf73d9e4a114a44d2f6da5d4

SHA256
b9599f8e4b09cee9dc43e8612351ead57d804b2ac7ba9ce0dc7615379de804dc

SHA512
f609671ad876b64a4e2e646d53dde5fec0def93384b39f544cec6f3f09de41031b31133f197cacaa7af60c89cb953a8ef08f1c039d5fc013d35ee2dc3afcb2d0

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe

Filesize
53KB

MD5
b7aca4b1a547ca9ba8931fb2f3a8ffe4

SHA1
ade0df9aa1b3419b1f5dca663a5ba86221fca0b9

SHA256
bec6398691bd7290f2b504fffe3271275816af6cb4a481dcecb8325f497a4d80

SHA512
7344734e229ab95bd5764523ab8db72760f71c50e947547daa4dc5668a97f257022f8f864fda38e26f922df3ef16856979bab3785164dc4a3a661e25a2706735

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.INI

Filesize
12B

MD5
20f7dee705a4f03baeffa9b658fee625

SHA1
aff7da269b24cd1c37e5b13f9395564d0fdf6d5b

SHA256
aa29d45c1bdce17624bc9a2c57f89bd7b36e1f68e44ce763879cf44d977a82d6

SHA512
56068a5026fcbed08eb8d0c4fb82198d7b3eef4857aae0ca3dbb9b1fa0fe8772a930bb544bdac435c47fd612d5bcaade4bc7ba8360575769abdb3aa818bf98b3

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe

Filesize
65KB

MD5
15133bbe13e21b1c50d447c64463f772

SHA1
3dd21da8e2efd3e448fa336477700f733875cdae

SHA256
433e39d42fda59df6107cb02895950cdcf3bb96325a72e081dbba0cd79e6fdec

SHA512
54c3e5ebf34ce2b117ac88272fc40c712248df9aa11682f48b3d930dcf8b669ff8220fbcd203230a46722f5643f8a61f3ea6bf4dbc0d7a51c0355cc209dc44db

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe

Filesize
65KB

MD5
15133bbe13e21b1c50d447c64463f772

SHA1
3dd21da8e2efd3e448fa336477700f733875cdae

SHA256
433e39d42fda59df6107cb02895950cdcf3bb96325a72e081dbba0cd79e6fdec

SHA512
54c3e5ebf34ce2b117ac88272fc40c712248df9aa11682f48b3d930dcf8b669ff8220fbcd203230a46722f5643f8a61f3ea6bf4dbc0d7a51c0355cc209dc44db

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe

Filesize
65KB

MD5
15133bbe13e21b1c50d447c64463f772

SHA1
3dd21da8e2efd3e448fa336477700f733875cdae

SHA256
433e39d42fda59df6107cb02895950cdcf3bb96325a72e081dbba0cd79e6fdec

SHA512
54c3e5ebf34ce2b117ac88272fc40c712248df9aa11682f48b3d930dcf8b669ff8220fbcd203230a46722f5643f8a61f3ea6bf4dbc0d7a51c0355cc209dc44db

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config

Filesize
541B

MD5
d0efb0a6d260dbe5d8c91d94b77d7acd

SHA1
e33a8c642d2a4b3af77e0c79671eab5200a45613

SHA256
7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

SHA512
a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll

Filesize
94KB

MD5
e182b5896e44abee3a33adf7faef38dd

SHA1
d30d7146e03035da47dd3b7b50c08cdfa022aa35

SHA256
0d335ea84f9295e7882c358a923d265b6e0bc536a5fdd22da5931d9204b06467

SHA512
e467f383f576daf785dd728add510fa5d604a954ca4a2d7cee5bb6b8f14be8ea89219d181ae8da81510defb778b23c5c500e3d8c738f9b26d63bac8122036ef5

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll

Filesize
693KB

MD5
b11c285aeb968434de2031c5451a267d

SHA1
92942073ae71b2d287767bf678a33db5718c603f

SHA256
f599fbd82e65a0feda9c19bca49f0db3324dcd4aa6251d40e1729765fecf9000

SHA512
bcccec3a4d2b26b02db11d2f6e4bfef9c9aa4153a7a5dcfc62b2276af50ccba3e060a5501d2aa9833c23f3821639d9715012925026e8ce53922f8a5452f83413

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe

Filesize
43KB

MD5
f0c3af895ad50d448c4746353896d1ca

SHA1
c55513edf0c17c0bb4be4c3e09e5f8752eeddbd6

SHA256
214ff5144ef7a275a74b431de78c80f3c27d234dbeccf1931540cefa99a93929

SHA512
3132347381689b34faf9a7b6230cddfa3310b15764a3f2a1828ff588cba42b557904daf0cb857863d4b1c2856195aa8bf15c9e75b5bcbf73317c5e3e2251bb2a

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe

Filesize
30KB

MD5
ee564070a011f3cc31f846040d93c5ca

SHA1
b498078df5739008d80a6e7624352313439546ed

SHA256
0f631801a8ee3bf167fc76b50ca05aae4cb6533cdbe7b2f1261e8c590bc80c57

SHA512
ec2b86564326d112f37cec79f4809f655d4074dab596c79820d1f186b0ab020b178815b986bd957475fbd129e3ea932d77fb1ad19804baf34d6ca45923ad9b6c

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe

Filesize
50KB

MD5
953e52ff73e83b5b07a6c4a89a281ee6

SHA1
9a2a24d55926ca9739c8aee411d3d23e290191bf

SHA256
71b287bb826d8abf546a647825532f6a2dee8e32fec04a1c5d766d497e02025a

SHA512
fd4a48921667b1039af4f3d74a4525cbd42a02af8e3fefe5e24102c9576dddf4ecb08f7beabb546fe8f5210007abbe69ce31acc9ee86bec48bd308c56ca3de09

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll

Filesize
588KB

MD5
82b17dc9838e1e21e5c6f53d2867e94a

SHA1
a09bfe6582bff9193337cc7dbab79d0b6b723205

SHA256
8e7210c1cd0955aeb4cbbdce362d4c450e0bf1be47bdf263fbf2789a4d98fd00

SHA512
c1b259655e2514449366f2d150d020a1eabb0e67af29c5e26c3a00f1d84d805216016c306d48e37354de09d4a056dc071c0d0d0d36f8ec9775843e6ae2712430

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt

Filesize
168B

MD5
78a4f019ed02337665220ef1567afa3c

SHA1
510536c97bbf42b8a55f330eb511f3bd5d4d4cbf

SHA256
8ab5b4331fcbea7dec9a424858ed0dc76fbe8127daaa7371c5b2f07028613f84

SHA512
1a6531480fd51bd271628f4f04b8cbb19c89d171a251791df55a5c5457f3422d43fceba55be3a58288cc202c5e2387b65679aa1c7ddde569166cdd84559a1fee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
8d73977a4f13991fb4d44e3ab5c60980

SHA1
93b411e267318cf9b6bbbf134f071ad3a0bbc074

SHA256
4fdcc9952477541166c0c436b124ac86467effa04b0675cf53d67cb632aed884

SHA512
2ebc463ed707bbf400d5ac7212371fe1017e8d97fc69c4c2ef22344cddf58969f7221b8032f3e6a20286e4af5e75d4cfce5400a705ff217d19b79dea241f5000

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9

Filesize
727B

MD5
37dd90c2d9505f80dbb219767e8b046d

SHA1
a724a38fb9fa27397a93b8793046e5b98718f5c5

SHA256
919facb27dd032f276e4dfac472b39eb5f18fd999985d8accfa7d7ba1ee35fd5

SHA512
6e3078f9647ab03703cbeac84dbb060d802b28cafe8cf6c7695a44f2f5995c0bf23f236928186c9a61431f239d3bcff9cee0b558887c9c5f39156f8a09b2fa18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
d27bd216a97d88e036de0611db096ed0

SHA1
673333c7819386d77b478a669704dbeb50600930

SHA256
e7b868496dbca103ba27c3ee69b6f4cc4c11c8b0f8eb6995e629c96f3c3ab127

SHA512
f8342c496d469bf4ffbef68453822a746775656dcae84eafd29398b75715591262f28f1a5a7a95511b38fe8fac91593c505ec8e856ecd39380dd1f5abef2b940

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
979a891e169b82990e2ffc8b38928644

SHA1
fd56e4594198e6c703fd9ed39feca872bfda737c

SHA256
2f9b81310c21bce48b0939cef6376362f8fbd272188abf1351b5e28e825e50a3

SHA512
d2d9b42175508162e9bc92224bcd7d4cf932ef5568def2930f3daad16b37206a9b393151f7f928b2e2b3671702559536f86e1703f9c729ea3a857d29781bc6c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9

Filesize
408B

MD5
ad8ee15ec8352d2e73488f1b0001de18

SHA1
af4748aeb8c0cac47d92e21844b8481f46eb112e

SHA256
dfd14e55153847ba0f5e93a30ecaa34d57eaea3ce2aebb1e2c46e069edc8936c

SHA512
2dd522f443e778bdb80fdcc31eb955c880e1406d0a6056a28b0528db8e44213c965e17b577d9c54354923f2471411545e9a14d7fc244153e1144d78c68150fd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d094d28641a8af27283b7aa4035f5c7

SHA1
dee4fdccd85a7f16416a29c70763cc31fa6a96be

SHA256
4e2002510d85c1eba70500d03481c20e05c0ba183bed6894a8f39b00107858f9

SHA512
d6f4749f4b7c027a6e2049e48f95c645153e47c94ff1c5855682a52ca6d46554745eb9c15bc888857d4798c209b8469deb428ee6205b785087957dfcb1af6b12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
2e7d92fd070241bb28d3ac2fb6f86dc0

SHA1
75259bfaaa89bd3832ffb1783409dbae39762cb8

SHA256
4efa7f510cc1bef795a61ab479aed126dd8c9bce50aca733e7f80c34611cb954

SHA512
f916a3bb27a18e46a99395bb7c2061d037b819cdbf28edc1f3b586c781f9c786d3606c59f191bbe96a3b9588bc2950ee1f7f936bf0ba60ec73ae1fe91ce37182

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBCDB.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBE45.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Windows\Installer\MSI2F0E.tmp

Filesize
275KB

MD5
672e03b9d7a2d50f3e935909a198928b

SHA1
6cc8a45126243c6ad8a6336ef1789e6a8b5dd33f

SHA256
c4772f8a8761f052bd0336923539699ba2f358ac203beb197cda576146e05a0d

SHA512
bf5833ea48942319d560fb4dad62997fa5495e0d9c634361d919d3328364d0f4a999dfb56590d48227c3690d8a867b022f6d5fd01c46f27d2ad6421d88380372

Download Submit
C:\Windows\Installer\MSI4020.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI40AE.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI4226.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI4226.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\f772da5.msi

Filesize
2.6MB

MD5
60c20160ce9aaf007bab367ca7fc3a16

SHA1
21aba7bf178ff5df590e61a66e21b2241d8f1e57

SHA256
6f91d1278cf86d976c8800a6ae122e8154bb8d7fd71f975fb3894975d1ade18f

SHA512
108ee6d8db6456a637bc43181ecdbd98c5c48dcbf670cea4706f509c45a235afad7ca02c98b8a94673255e9af86f7cd0176ce156f6ba02cf3ea8b26cb625fab4

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1

Filesize
1KB

MD5
d91299e84355cd8d5a86795a0118b6e9

SHA1
7b0f360b775f76c94a12ca48445aa2d2a875701c

SHA256
46011ede1c147eb2bc731a539b7c047b7ee93e48b9d3c3ba710ce132bbdfac6b

SHA512
6d11d03f2df2d931fac9f47ceda70d81d51a9116c1ef362d67b7874f91bf20915006f7af8ecebaea59d2dc144536b25ea091cc33c04c9a3808eefdc69c90e816

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4

Filesize
1KB

MD5
78f2fcaa601f2fb4ebc937ba532e7549

SHA1
ddfb16cd4931c973a2037d3fc83a4d7d775d05e4

SHA256
552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988

SHA512
bcad73a7a5afb7120549dd54ba1f15c551ae24c7181f008392065d1ed006e6fa4fa5a60538d52461b15a12f5292049e929cffde15cc400dec9cdfca0b36a68dd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69eafbca022881cf2a00225b3b138e1c

SHA1
69d334a7c5684837badb3046be5b50abf2a1d8c9

SHA256
456bde280ce35b0b834738e59e7edf3628005337cd8c24cf68a5e6058b8fd842

SHA512
b4e8969b74c3168841787520071a1bcc005690fa6782d38c3fc1d12c8c1ae020588179243fd8d2fc6dad8e0150a035a8a47a39d677c6f94ba160103359c6804b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
938bcd93563f003daa26ecade4c15c0b

SHA1
466b7b92a856a0d518433c4ac8975e26a5199be8

SHA256
3b9540926bcc4b2341f6b9319767cdb2a2e4824c6cff1f0ff9621ea9aa10eae4

SHA512
f5f1d216743689d5335bf8253d689adf05b57ec766f5f022475cf0ee81822c39e0d6f67d7a9d9b8824cb97d1748570ff6c1764bf35f538be74220d81adc7e702

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
938bcd93563f003daa26ecade4c15c0b

SHA1
466b7b92a856a0d518433c4ac8975e26a5199be8

SHA256
3b9540926bcc4b2341f6b9319767cdb2a2e4824c6cff1f0ff9621ea9aa10eae4

SHA512
f5f1d216743689d5335bf8253d689adf05b57ec766f5f022475cf0ee81822c39e0d6f67d7a9d9b8824cb97d1748570ff6c1764bf35f538be74220d81adc7e702

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f99765e5b5e6eb8d87ce4f0a8b13b06d

SHA1
cecb97774a6d2ff46f3a8039b6a5453c61ac2ecc

SHA256
3128ff5c427b1f97d664cf43be76d86318505c8a7b432f800a48831cda05928b

SHA512
6df7a7526622125804fe220eed0f33e314d6be5099a94322979e09486de9f219cf73c18f0c67ffa37972ceb8aa72e341aa9047b7c83445a05dc27ba8b24ba3a3

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da99b8a12cebc638fa4a9fb7b8710c2b

SHA1
caef253914b6df309f2b96a44cf6cfa4ab56a243

SHA256
1916ae18768906d828f1d1d915718d728385ad5e0a180b9d3cbc663ff883501e

SHA512
5dc3bb18d88b402528d7aa77cd879e1aea9e12a1084e4a55da5364536afed6162350e3cfabb38534ccdd5cfaee0e23aff52d6466b3d3d4b25360845364bee922

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3faf86d748b4d03df4d743c15d11a309

SHA1
2764a5401fd64df5236bd5867e50e783b3d61397

SHA256
9fb71a6c572809d8e8d73ab844137a67147be5bb7b2e967e33fe6076a6eb46b4

SHA512
3e1c40b65876875bc37199c2da01ddf43bca9299de04e84b7b60d183a286105e496a14585ccabf903da28e68419fcb6931aae6623c4d9d34c92e09b3e33d5025

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0f8f858b99fb25d595ab53bdd12a629

SHA1
1fc7b9e7d6014077feea4f61affd39395fed8a49

SHA256
fc4731749557039ad904371820bfa0b0c199d9b0be2a256043faa58cd2b54c3a

SHA512
563f47882a4570afa86da7efa6ab178ee0d97632ecc5464cdcb9eddcb7a7f70d1e32602a03a0c612a3743b48c41d66e156e53023abc556778dfcc1fb5b01aeb7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b95492525de11133ced2d46067634fc

SHA1
64b1dde32bde0f66ba7bb49b4802c839e57b07b1

SHA256
aa617bc5bb0ee1c27849aa27e23e0872c442c8ab8fb3b3bd5b1109777a6b014b

SHA512
12dee7e27a50c5e64ae7ab4cb6667fe4e467fa7e0952566ca8135ecbaaf60976ee603da2f4e7e4a788a8ac88c345aeaf33d2a602a0907d2041b3e66e49babca9

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91e156af1f46a72d0d554f8cb841aaf0

SHA1
e42254af05b39226b63b1b8ac6bfe35727c697cd

SHA256
3e511cb759e8e7c89947732647ba37a4743e172587f6632de87d97dab00238c9

SHA512
06576590b0e1bf84b445cd19135bace066b5237d808a35818839850afbc423d2ef543a4addeea34f950da9bbe8445a81ebb910b18896af27a36ae383aa51fe23

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c20187e9498f2ed2e3002d3e0a08a5cc

SHA1
344f63e151f0b7e61d15ba4a7250be80d4371651

SHA256
980950967c4ca399ed0e1077fa6a5b43cb9ed058ba4dae3c4697f94f3d3b3918

SHA512
1f96fb361374b38633235b104c5267748e857ecc87e59fd9e33b9ce289db694abc152323961c36027aca7e9ad226f292cbdc5bfd86939bd1f735acf2ad88663a

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7017b30e25e7c6ffab9dd79e8bac9066

SHA1
47a0dd6d09a8f7f585294de11932c9eae9ba2896

SHA256
9e89b49bd2881b24216b2507ae5a947a6ed4df11b4331c4381e148ca95a06638

SHA512
917a7f27987c6dfda01818fbfdcf70c3e9532e5c391c4aea64e6d311e7a17881d199618b9bedf07a69b227795c32e14a1b0d01136cbec811e1562dc4766b69c3

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef7eb41d2ed0d5340ae39b929b1c30cf

SHA1
3e1ba6a31a4ee02e8fba01f755d8811b0dbf41d6

SHA256
00d88224b6738b9ce74c25bd07d6a07cf96cdccfeeab3351a894e46ebb2910f2

SHA512
5eba67ef267e574b3f9cdf1e121d17ff42badf2d25acf292b453f52aa9f8c86081a3c2ed1ed0419953e2016382e61aefdebb26ee16a40776ed262cf7e56719f0

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1

Filesize
308B

MD5
f659333ea573653831a124303caa4146

SHA1
b99ad5efe9f971c1139a2db82728f5c529ce704d

SHA256
38e458033e72a4a64286e86a3617765622338cb0f1d7d2f361de7f0c97154e5b

SHA512
90a7e6560e161fc6c899a3aedc2b0fedbe60bb14d09d37b734b2ae2ecde1e06a5b73ed542df824aa6c0004b96a55af72d58fd03389112dd2a95868fcf0b13f66

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
7197cea4c7737b2c69211dd2f919dba5

SHA1
9e4b473177ff93155738e68ac3c3261cd68f828a

SHA256
18f66c0aa518cf22eb817434e8bab203d009c2a8e6dcc6b1c45b75962e959a9f

SHA512
8f3c3a27405f93abf7a6cf0c6078a83d3e575bac5946e91378a1cb7ad485351ffbaa16f1a717253115e83988d51d4557a0cf36af1eb66ebabafbadb4de374b3c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4

Filesize
254B

MD5
56d7e685b3a47c79438322827fe1cee0

SHA1
1879e14caf5f84f3116f4770d33db2f934d49176

SHA256
136a69e5552a216eeb897b6320ddfe337e6ffb2eeaab7d0da5ad4dc2cb9a2620

SHA512
0d933fe74c5a616558861ba9f64cf6c18e3ee5662d9e44c8f2bafbcbcd034bf8d791e3f51a7fe8000418df050ecf81a78a3f2e868e36344639bae526a187ed88

Download Submit
C:\Windows\Temp\Cab7742.tmp

Filesize
29KB

MD5
d59a6b36c5a94916241a3ead50222b6f

SHA1
e274e9486d318c383bc4b9812844ba56f0cff3c6

SHA256
a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

SHA512
17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

Download Submit
C:\Windows\Temp\PreVer.log

Filesize
2KB

MD5
048d761a25a6e115246ed93a24446c2f

SHA1
e33e4e160d239b7e8b71e3fae9578b5dcbaaba3e

SHA256
e297ef4cdc0811a652e138a54c384b5c296ba1dfeae10d3d022d7409f5e7c079

SHA512
e0a920188df58ed8e4590c9a134bab50645c7a64fa09699e1d4fec673dd7645579f6de76a15832980e9ac738432a34bcfd638232356d041053593c18f2343069

Download Submit
C:\Windows\Temp\Tar7755.tmp

Filesize
81KB

MD5
b13f51572f55a2d31ed9f266d581e9ea

SHA1
7eef3111b878e159e520f34410ad87adecf0ca92

SHA256
725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

SHA512
f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

Download Submit
C:\Windows\Temp\unpack.log

Filesize
1KB

MD5
d49c677496df8a9332c8e83d907c86ba

SHA1
8a8eade4e099809135c8fba6e6017f55f3791d14

SHA256
bcd1698ce7e4504f84810602ea4db4d35b03a9b9e8d36a1fe0510c352434c44a

SHA512
56c18b5f0e9e66a582c03736a38344016cf5c831edfa2385678aa66b6e8da6be4c79edf4dda0a1184f0664d45d52761ee3f104761d5cbcd3fbe8b3aa7e3047bb

Download Submit
C:\Windows\Temp\unpack.log

Filesize
4KB

MD5
27d2d999a7f5015e43d3db1b4f2d2bcc

SHA1
23e23f4b78132527fd8f0883e3cdd070b977bf5f

SHA256
81b35a8a9de1c890c42733dc4d7246c57527a92962babf8619f763ad764641f5

SHA512
5692cf3b007f71b9c93985ba4bceeecf074097179e61b1a364bb5ac2c109d605378202053d7269a35f5327badfbac92298fabb1687463e8438d6a384b88879ac

Download Submit
C:\Windows\Temp\unpack.log

Filesize
4KB

MD5
27d2d999a7f5015e43d3db1b4f2d2bcc

SHA1
23e23f4b78132527fd8f0883e3cdd070b977bf5f

SHA256
81b35a8a9de1c890c42733dc4d7246c57527a92962babf8619f763ad764641f5

SHA512
5692cf3b007f71b9c93985ba4bceeecf074097179e61b1a364bb5ac2c109d605378202053d7269a35f5327badfbac92298fabb1687463e8438d6a384b88879ac

Download Submit
\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x64\SQLite.Interop.dll

Filesize
1.7MB

MD5
1114cce4371541b5efa3152cb5cb5bc5

SHA1
8187bd09fd7826e5e4ffe570131b86104beef912

SHA256
d12baff5f0e7d1fb0b3f956ff17d5d1f281f7ca6c45b3195280ad09389b0a35d

SHA512
45d8128eee8cdfb4586285116083480ff66de81f23f69823655006b904647aae15da40ce31be8118e27c72c14aa4a9de512ccfcd09a0572423e8433fa74e4ed7

Download Submit
\Windows\Installer\MSI2F0E.tmp

Filesize
275KB

MD5
672e03b9d7a2d50f3e935909a198928b

SHA1
6cc8a45126243c6ad8a6336ef1789e6a8b5dd33f

SHA256
c4772f8a8761f052bd0336923539699ba2f358ac203beb197cda576146e05a0d

SHA512
bf5833ea48942319d560fb4dad62997fa5495e0d9c634361d919d3328364d0f4a999dfb56590d48227c3690d8a867b022f6d5fd01c46f27d2ad6421d88380372

Download Submit
\Windows\Installer\MSI2F0E.tmp

Filesize
275KB

MD5
672e03b9d7a2d50f3e935909a198928b

SHA1
6cc8a45126243c6ad8a6336ef1789e6a8b5dd33f

SHA256
c4772f8a8761f052bd0336923539699ba2f358ac203beb197cda576146e05a0d

SHA512
bf5833ea48942319d560fb4dad62997fa5495e0d9c634361d919d3328364d0f4a999dfb56590d48227c3690d8a867b022f6d5fd01c46f27d2ad6421d88380372

Download Submit
\Windows\Installer\MSI2F0E.tmp-\AlphaControlAgentInstallation.dll

Filesize
19KB

MD5
4db38e9e80632af71e1842422d4b1873

SHA1
84fe0d85c263168487b4125e70cd698920f44c53

SHA256
4924aad650fa0f88c6fc6ca77068d73f70f0d0866a98212b615290ffb0b04efa

SHA512
9ce1e75b11e43369fe2320cf52bef856170385a8e898a934c735cb92a8399e5e612a54b248579687c372dae58e47e05d9095116313aea9555cf2358944252d77

Download Submit
\Windows\Installer\MSI2F0E.tmp-\AlphaControlAgentInstallation.dll

Filesize
19KB

MD5
4db38e9e80632af71e1842422d4b1873

SHA1
84fe0d85c263168487b4125e70cd698920f44c53

SHA256
4924aad650fa0f88c6fc6ca77068d73f70f0d0866a98212b615290ffb0b04efa

SHA512
9ce1e75b11e43369fe2320cf52bef856170385a8e898a934c735cb92a8399e5e612a54b248579687c372dae58e47e05d9095116313aea9555cf2358944252d77

Download Submit
\Windows\Installer\MSI2F0E.tmp-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
\Windows\Installer\MSI2F0E.tmp-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
\Windows\Installer\MSI4020.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
\Windows\Installer\MSI40AE.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
\Windows\Installer\MSI4226.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
memory/1108-68-0x0000000073830000-0x0000000073F1E000-memory.dmp

Filesize
6.9MB

Download
memory/1108-87-0x0000000073830000-0x0000000073F1E000-memory.dmp

Filesize
6.9MB

Download
memory/1108-78-0x0000000001DB0000-0x0000000001DBC000-memory.dmp

Filesize
48KB

Download
memory/1108-74-0x00000000048A0000-0x00000000048E0000-memory.dmp

Filesize
256KB

Download
memory/1108-73-0x00000000006F0000-0x000000000071E000-memory.dmp

Filesize
184KB

Download
memory/1584-272-0x0000000000C50000-0x0000000000CD0000-memory.dmp

Filesize
512KB

Download
memory/1584-363-0x00000000011A0000-0x00000000011D8000-memory.dmp

Filesize
224KB

Download
memory/1584-179-0x000000001A660000-0x000000001A712000-memory.dmp

Filesize
712KB

Download
memory/1584-180-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/1584-164-0x0000000000C50000-0x0000000000CD0000-memory.dmp

Filesize
512KB

Download
memory/1584-163-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/1676-117-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/1676-130-0x0000000000B20000-0x0000000000BB8000-memory.dmp

Filesize
608KB

Download
memory/1676-118-0x00000000002E0000-0x0000000000360000-memory.dmp

Filesize
512KB

Download
memory/1676-116-0x0000000001210000-0x0000000001236000-memory.dmp

Filesize
152KB

Download
memory/1676-165-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/1936-703-0x000000001A0B0000-0x000000001A118000-memory.dmp

Filesize
416KB

Download
memory/1936-686-0x0000000000B10000-0x0000000000B5C000-memory.dmp

Filesize
304KB

Download
memory/1936-739-0x0000000019E30000-0x0000000019EB0000-memory.dmp

Filesize
512KB

Download
memory/1936-738-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/1936-708-0x0000000019DF0000-0x0000000019E15000-memory.dmp

Filesize
148KB

Download
memory/1936-705-0x0000000000D50000-0x0000000000D7A000-memory.dmp

Filesize
168KB

Download
memory/1936-700-0x0000000000D40000-0x0000000000D48000-memory.dmp

Filesize
32KB

Download
memory/1936-677-0x0000000000DB0000-0x0000000000E18000-memory.dmp

Filesize
416KB

Download
memory/1936-699-0x0000000000F30000-0x0000000000FAE000-memory.dmp

Filesize
504KB

Download
memory/1936-680-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/1936-697-0x0000000019C40000-0x0000000019CF2000-memory.dmp

Filesize
712KB

Download
memory/1936-681-0x00000000005E0000-0x000000000062A000-memory.dmp

Filesize
296KB

Download
memory/1936-695-0x0000000000660000-0x0000000000668000-memory.dmp

Filesize
32KB

Download
memory/1936-694-0x0000000000640000-0x0000000000648000-memory.dmp

Filesize
32KB

Download
memory/1936-683-0x0000000000320000-0x000000000033C000-memory.dmp

Filesize
112KB

Download
memory/1936-684-0x0000000019E30000-0x0000000019EB0000-memory.dmp

Filesize
512KB

Download
memory/1936-786-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/1936-688-0x0000000000C00000-0x0000000000C48000-memory.dmp

Filesize
288KB

Download
memory/1936-692-0x0000000019D10000-0x0000000019DEC000-memory.dmp

Filesize
880KB

Download
memory/1936-690-0x0000000000630000-0x000000000063A000-memory.dmp

Filesize
40KB

Download
memory/1936-689-0x0000000000350000-0x0000000000358000-memory.dmp

Filesize
32KB

Download
memory/1996-1722-0x00000000197D0000-0x0000000019850000-memory.dmp

Filesize
512KB

Download
memory/1996-1712-0x0000000000A60000-0x0000000000A7C000-memory.dmp

Filesize
112KB

Download
memory/1996-1681-0x0000000000B30000-0x0000000000BE2000-memory.dmp

Filesize
712KB

Download
memory/1996-1584-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/1996-1557-0x0000000000CF0000-0x0000000000D04000-memory.dmp

Filesize
80KB

Download
memory/2080-460-0x0000000000E20000-0x0000000000E4C000-memory.dmp

Filesize
176KB

Download
memory/2080-463-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/2080-464-0x0000000000E50000-0x0000000000F00000-memory.dmp

Filesize
704KB

Download
memory/2080-466-0x00000000005B0000-0x00000000005CC000-memory.dmp

Filesize
112KB

Download
memory/2080-467-0x0000000019990000-0x0000000019A10000-memory.dmp

Filesize
512KB

Download
memory/2080-468-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/2208-548-0x00000000003E0000-0x00000000003FC000-memory.dmp

Filesize
112KB

Download
memory/2208-701-0x0000000019EE0000-0x0000000019F60000-memory.dmp

Filesize
512KB

Download
memory/2208-550-0x0000000019EE0000-0x0000000019F60000-memory.dmp

Filesize
512KB

Download
memory/2208-549-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/2208-693-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/2208-547-0x0000000000BB0000-0x0000000000C60000-memory.dmp

Filesize
704KB

Download
memory/2208-546-0x0000000001230000-0x000000000125C000-memory.dmp

Filesize
176KB

Download
memory/2464-1844-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/2464-2013-0x0000000019A10000-0x0000000019AC2000-memory.dmp

Filesize
712KB

Download
memory/2464-1910-0x0000000000150000-0x0000000000160000-memory.dmp

Filesize
64KB

Download
memory/2464-1867-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/3044-1911-0x000007FEF4CD0000-0x000007FEF56BC000-memory.dmp

Filesize
9.9MB

Download
memory/3044-1909-0x0000000000420000-0x0000000000438000-memory.dmp

Filesize
96KB

Download
memory/3044-1856-0x0000000000820000-0x000000000082A000-memory.dmp

Filesize
40KB

Download
memory/3044-1992-0x0000000000D60000-0x0000000000DE6000-memory.dmp

Filesize
536KB

Download
memory/3044-1959-0x00000000007A0000-0x0000000000820000-memory.dmp

Filesize
512KB

Download