Overview

overview

8

Static

static

1

fab822cc1d...00.msi

windows7-x64

8

fab822cc1d...00.msi

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-09-2024 01:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fab822cc1d5b10a959de748250badb0f1244964942814046b74c41b8887c8c00.msi

  • Size

    2.9MB

  • MD5

    305302b116cf1affd6662385b845fad7

  • SHA1

    de4d88c3f376f749b21a8eeb572a80bc481637b0

  • SHA256

    fab822cc1d5b10a959de748250badb0f1244964942814046b74c41b8887c8c00

  • SHA512

    a43452440d5b37176bba6e61c5c58e33dcf881c08cd7275826e6213bb8a39efdff2def3e95770c41ce1445692d55cb8665c0fd00d77808ec99574ba17624725a

  • SSDEEP

    49152:P+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:P+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
8/10
bootkitdiscoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Blocklisted process makes network request 6 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 39 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 48 IoCs
  • Launches sc.exe 3 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 4 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 3 IoCs
    evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 62 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\fab822cc1d5b10a959de748250badb0f1244964942814046b74c41b8887c8c00.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4280
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:1856
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 87401CB93BD8BD95FCF13B6BAA21B14E
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2120
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIA8F2.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240626156 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2344
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIAC10.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240626718 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:3824
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIAFCA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240627687 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1800
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIBA4E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240630359 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4896
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 39299FDC3F762867D22E9C824D74A8BB E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2232
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1076
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
            • System Location Discovery: System Language Discovery
            PID:4404
        • C:\Windows\SysWOW64\TaskKill.exe
          "TaskKill.exe" /f /im AteraAgent.exe
          3⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4876
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="4" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000GIFLyIAP" /AgentId="49004827-0e77-4ba0-a87c-7dd3c3290026"
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:2344
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 3915367A8C9F796FBB1E8EBF6E2067FC E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1868
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSI5CD9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240672046 37 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:412
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSI5DD4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240672203 41 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:5236
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSI6094.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240672937 46 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:5928
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          PID:5468
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
            • System Location Discovery: System Language Discovery
            PID:6004
        • C:\Windows\SysWOW64\TaskKill.exe
          "TaskKill.exe" /f /im AteraAgent.exe
          3⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5888
        • C:\Windows\syswow64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          PID:5764
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
            • System Location Discovery: System Language Discovery
            PID:5580
        • C:\Windows\syswow64\TaskKill.exe
          "TaskKill.exe" /f /im AteraAgent.exe
          3⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:3972
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSI7F12.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240680703 84 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4280
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        PID:5300
      • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="9e7d8f7e-d0ce-4ae5-9adc-f8871e726001"
        2⤵
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:4472
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:4848
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
      1⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4192
      • C:\Windows\System32\sc.exe
        "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
        2⤵
        • Launches sc.exe
        PID:2940
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "e12ca024-15b4-4f00-8e0b-bccaed8018a9" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000GIFLyIAP
        2⤵
        • Executes dropped EXE
        PID:1704
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "4730cc70-9bd7-4adb-ae06-783c3a0c9209" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000GIFLyIAP
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        PID:3728
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "e6f19229-fc31-42c7-9ec6-1f0cedc2c875" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000GIFLyIAP
        2⤵
        • Executes dropped EXE
        PID:1112
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "e26b9707-6892-4f7a-82de-146701a8c9cb" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000GIFLyIAP
        2⤵
        • Executes dropped EXE
        PID:4420
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "ae032e34-1e4a-4387-a7fe-7fef54a77536" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000GIFLyIAP
        2⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4044
        • C:\Windows\System32\cmd.exe
          "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1800
          • C:\Windows\system32\cscript.exe
            cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
            4⤵
            • Modifies data under HKEY_USERS
            PID:3436
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "7e1f20c4-111f-4d76-8129-886379c6e5a5" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000GIFLyIAP
        2⤵
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        • Suspicious use of WriteProcessMemory
        PID:4240
        • C:\Windows\System32\cmd.exe
          "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:5060
          • C:\Windows\system32\cscript.exe
            cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
            4⤵
            • Modifies data under HKEY_USERS
            PID:388
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "d2328f81-aa41-4afe-be5c-47d17d497b58" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000GIFLyIAP
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4488
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "3a4cec5e-c755-4d58-9d4b-be97365b090b" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000GIFLyIAP
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4628
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
      1⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3348
      • C:\Windows\System32\sc.exe
        "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
        2⤵
        • Launches sc.exe
        PID:2592
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "d2328f81-aa41-4afe-be5c-47d17d497b58" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000GIFLyIAP
        2⤵
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2252
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "3a4cec5e-c755-4d58-9d4b-be97365b090b" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000GIFLyIAP
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3636
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "481487c7-bcf2-4d2a-8ef5-74d259881288" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000GIFLyIAP
        2⤵
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:1856
        • C:\Windows\System32\cmd.exe
          "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
          3⤵
            PID:3436
            • C:\Windows\system32\cscript.exe
              cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
              4⤵
              • Modifies data under HKEY_USERS
              PID:1076
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "e0a5c5ac-2a96-448c-b7dc-1aa85b8d23b4" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000GIFLyIAP
          2⤵
          • Writes to the Master Boot Record (MBR)
          • Drops file in Program Files directory
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          PID:4720
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "80af2551-dc11-4c96-affa-bb4af8056a56" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000GIFLyIAP
          2⤵
          • Drops file in System32 directory
          • Executes dropped EXE
          PID:2616
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "ed3b0120-657e-4ce5-a0f2-2a771129fb82" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000GIFLyIAP
          2⤵
          • Drops file in System32 directory
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:3680
          • C:\Windows\SYSTEM32\msiexec.exe
            "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
            3⤵
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            PID:5444
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "d4aecabc-d7d9-4cf0-9fb1-7b80454a2ef9" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000GIFLyIAP
          2⤵
          • Drops file in System32 directory
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:5324
          • C:\Windows\TEMP\Agent.Package.Availability\Agent.Package.Availability.exe
            "C:\Windows\TEMP\Agent.Package.Availability\Agent.Package.Availability.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 d4aecabc-d7d9-4cf0-9fb1-7b80454a2ef9 agent-api.atera.com/Production 443 or8ixLi90Mf connect 001Q300000GIFLyIAP
            3⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:4900
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "3c45e6c0-49d6-4f4b-9f9f-ece5d595d107" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000GIFLyIAP
          2⤵
          • Drops file in System32 directory
          • Executes dropped EXE
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          PID:5336
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "cbe798cd-4439-4421-be79-96f0f7936a3d" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000GIFLyIAP
          2⤵
          • Drops file in System32 directory
          • Executes dropped EXE
          PID:5432
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "feeb9136-c387-4eac-a0ea-299ff5c168dc" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000GIFLyIAP
          2⤵
          • Drops file in System32 directory
          • Executes dropped EXE
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          PID:5656
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "5f23295a-4dc9-444e-bc50-40c219f36952" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000GIFLyIAP
          2⤵
          • Drops file in System32 directory
          • Executes dropped EXE
          PID:6004
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "c5b65595-426d-4fe4-9e94-5ab862c226ea" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000GIFLyIAP
          2⤵
          • Drops file in System32 directory
          • Executes dropped EXE
          PID:6100
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "52e4b428-e523-46d6-8d92-bf561f768f9a" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000GIFLyIAP
          2⤵
          • Drops file in System32 directory
          • Executes dropped EXE
          PID:2068
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "7e407cc2-5038-462b-989f-01be1fcec8f8" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000GIFLyIAP
          2⤵
          • Drops file in System32 directory
          • Executes dropped EXE
          PID:5136
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "196c4616-1289-488b-a2de-10372acae3c4" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiNi4wLjMyIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzNiMTFiZDM4LTU4ZmQtNDc4My05ZDdmLWUxOGUwNDA5ZmU2YS9hM2RmNGM3ZWJmZjhmYzJjNjdkN2M5ZjU1MThmYjdmZC9kb3RuZXQtcnVudGltZS02LjAuMzItb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci9hYTBiMWY3MS04ZGZjLTRiMWItOTUyNS0yMjQ5Y2Q0N2NkN2QvZWRkNDJjM2YyYmYxMTEwNjczNTVhZTFkNDU5OGZhNTEvZG90bmV0LXJ1bnRpbWUtNi4wLjMyLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2I2ZGIyMjYxLTQyODgtNDc0Zi04NzYyLTRlZTA2YmNiMTIyNy9lOGIxNDU4ZWE5ZjgyYjkwZTYzYmU4ZmU4YjlmMjc3NS9kb3RuZXQtcnVudGltZS02LjAuMzItd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci80NTE1YWFhYS1jN2Q1LTQwYmYtYjdmZC1mNDc2ZDZlYTNiMWEvYzU0NWVhOTJkYmQ1Mzc3NTNhZWZiOTM3NDc4ZmQ1MzIvZG90bmV0LXJ1bnRpbWUtNi4wLjMyLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzQ4ZWRkZTFlLTFlOGYtNGRiNi1iNGRjLWM4ODI1NTZkZGE0Yi8wODRhZjllNTQ2ODZmNzBhOGRhZWNlYTJkMmZiZTJjYi9kb3RuZXQtcnVudGltZS02LjAuMzItd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6ImszRlZuUDdFQ25zUWdITm92ZTBvZmFVNXgzVFVHVDZkOFk3TmFwbTZPZWpuNXBpVXNoZlcwczc1QkJhVUR6T3hrNmxXL01BOFJnM2pqTVFIai9Eb3lRPT0iLCJNYWNYNjRDaGVja3N1bSI6IjZ2bUxDeVFPSnBrUkFtSDMxUnRYZE9tSnFuQkZEXHUwMDJCZ1VGeWxzN3hjSldvWmZcdTAwMkJuc25WWWtRc2JIYWV0TXVUcm8xaWRMcDhSVnl6RjE4NmFLQUNoSkZnUT09IiwiV2luQVJNQ2hlY2tzdW0iOiJ3eG02bWxhZkdzWXpPTmh4WVBLSW85a3RBVkN0WC94MGVua0s0RjAwUHJQMm9FSTI3aXFPNTh2akFEOHpITUMwenRYNnBBWWZNb0hEMXoyczYzcm5SQT09IiwiV2luWDY0Q2hlY2tzdW0iOiI1Ry9MOVhSM2J0R0ZrcGFoaHpTdkVDcVNIb3J1d0FhZTZVdkk4azFNYWFvb3NiRmR5Nk4xU3NHdFB2NEpuSUs4UmxPVUtUSHU2NFZMTHRCb1RWTHFoUT09IiwiV2luWDg2Q2hlY2tzdW0iOiJTZU51SVx1MDAyQkhMaTM0L0JQL1ZKcHFqb2FaeVZDY1ZLVnNhQUdtalc5dWJyeUFrZ3pkZ2wwS2xjNENuT2ljZ01Mb2R4dVNVcU9SeVRJbUdZWmVGSzlMbW1RPT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000GIFLyIAP
          2⤵
          • Drops file in System32 directory
          • Executes dropped EXE
          PID:5464
          • C:\Windows\SYSTEM32\cmd.exe
            "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
            3⤵
            • System Time Discovery
            PID:5552
            • C:\Program Files\dotnet\dotnet.exe
              dotnet --list-runtimes
              4⤵
              • System Time Discovery
              PID:5216
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "6f9f941a-950d-436f-906f-9dcf58285854" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000GIFLyIAP
          2⤵
          • Drops file in System32 directory
          • Drops file in Program Files directory
          • Executes dropped EXE
          PID:5648
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "eb9fa76b-6e1b-4a77-8375-220b9887ac3f" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjp0cnVlLFx1MDAyMlJlcGVhdEludGVydmFsTWludXRlc1x1MDAyMjoxMCxcdTAwMjJEYXlzSW50ZXJ2YWxcdTAwMjI6MSxcdTAwMjJSZXBlYXREdXJhdGlvbkRheXNcdTAwMjI6MX0ifQ==" 001Q300000GIFLyIAP
          2⤵
          • Executes dropped EXE
          PID:5704
      • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
        1⤵
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:1704
        • C:\Windows\System32\sc.exe
          "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
          2⤵
          • Launches sc.exe
          PID:4064
        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "da321936-22e4-4b50-9a9d-ad01d848e02a" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000GIFLyIAP
          2⤵
          • Executes dropped EXE
          PID:5828
        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
          "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "d2688639-815b-41c9-84fd-2c7a7a902d78" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjp0cnVlLFx1MDAyMlJlcGVhdEludGVydmFsTWludXRlc1x1MDAyMjoxMCxcdTAwMjJEYXlzSW50ZXJ2YWxcdTAwMjI6MSxcdTAwMjJSZXBlYXREdXJhdGlvbkRheXNcdTAwMjI6MX0ifQ==" 001Q300000GIFLyIAP
          2⤵
          • Executes dropped EXE
          PID:4004
        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "974d1e07-f75e-49ca-8961-1a6b2cfe8339" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000GIFLyIAP
          2⤵
          • Executes dropped EXE
          PID:1808
          • C:\Windows\System32\cmd.exe
            "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
            3⤵
              PID:4512
              • C:\Windows\system32\cscript.exe
                cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                4⤵
                • Modifies data under HKEY_USERS
                PID:6020
          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "1c4a283c-0882-438f-8dad-4c046cbf6e5b" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000GIFLyIAP
            2⤵
            • Executes dropped EXE
            PID:5508
          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "4ad28005-250d-4dd3-a92c-8423147d407c" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000GIFLyIAP
            2⤵
            • Executes dropped EXE
            PID:4520
          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "12da5927-e6ff-4217-ae73-039b10f4fb4b" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000GIFLyIAP
            2⤵
            • Executes dropped EXE
            • Modifies data under HKEY_USERS
            PID:920
          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "02ada66e-bc0c-42d5-b688-ff116ea8b90f" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000GIFLyIAP
            2⤵
            • Writes to the Master Boot Record (MBR)
            • Executes dropped EXE
            PID:5288
          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "9e939cb4-a306-44aa-9556-ab4539ea108b" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000GIFLyIAP
            2⤵
            • Executes dropped EXE
            PID:5064
          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "1c25e8eb-0774-481d-8b44-eb6ece863232" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiNi4wLjMyIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzNiMTFiZDM4LTU4ZmQtNDc4My05ZDdmLWUxOGUwNDA5ZmU2YS9hM2RmNGM3ZWJmZjhmYzJjNjdkN2M5ZjU1MThmYjdmZC9kb3RuZXQtcnVudGltZS02LjAuMzItb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci9hYTBiMWY3MS04ZGZjLTRiMWItOTUyNS0yMjQ5Y2Q0N2NkN2QvZWRkNDJjM2YyYmYxMTEwNjczNTVhZTFkNDU5OGZhNTEvZG90bmV0LXJ1bnRpbWUtNi4wLjMyLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2I2ZGIyMjYxLTQyODgtNDc0Zi04NzYyLTRlZTA2YmNiMTIyNy9lOGIxNDU4ZWE5ZjgyYjkwZTYzYmU4ZmU4YjlmMjc3NS9kb3RuZXQtcnVudGltZS02LjAuMzItd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci80NTE1YWFhYS1jN2Q1LTQwYmYtYjdmZC1mNDc2ZDZlYTNiMWEvYzU0NWVhOTJkYmQ1Mzc3NTNhZWZiOTM3NDc4ZmQ1MzIvZG90bmV0LXJ1bnRpbWUtNi4wLjMyLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzQ4ZWRkZTFlLTFlOGYtNGRiNi1iNGRjLWM4ODI1NTZkZGE0Yi8wODRhZjllNTQ2ODZmNzBhOGRhZWNlYTJkMmZiZTJjYi9kb3RuZXQtcnVudGltZS02LjAuMzItd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6ImszRlZuUDdFQ25zUWdITm92ZTBvZmFVNXgzVFVHVDZkOFk3TmFwbTZPZWpuNXBpVXNoZlcwczc1QkJhVUR6T3hrNmxXL01BOFJnM2pqTVFIai9Eb3lRPT0iLCJNYWNYNjRDaGVja3N1bSI6IjZ2bUxDeVFPSnBrUkFtSDMxUnRYZE9tSnFuQkZEXHUwMDJCZ1VGeWxzN3hjSldvWmZcdTAwMkJuc25WWWtRc2JIYWV0TXVUcm8xaWRMcDhSVnl6RjE4NmFLQUNoSkZnUT09IiwiV2luQVJNQ2hlY2tzdW0iOiJ3eG02bWxhZkdzWXpPTmh4WVBLSW85a3RBVkN0WC94MGVua0s0RjAwUHJQMm9FSTI3aXFPNTh2akFEOHpITUMwenRYNnBBWWZNb0hEMXoyczYzcm5SQT09IiwiV2luWDY0Q2hlY2tzdW0iOiI1Ry9MOVhSM2J0R0ZrcGFoaHpTdkVDcVNIb3J1d0FhZTZVdkk4azFNYWFvb3NiRmR5Nk4xU3NHdFB2NEpuSUs4UmxPVUtUSHU2NFZMTHRCb1RWTHFoUT09IiwiV2luWDg2Q2hlY2tzdW0iOiJTZU51SVx1MDAyQkhMaTM0L0JQL1ZKcHFqb2FaeVZDY1ZLVnNhQUdtalc5dWJyeUFrZ3pkZ2wwS2xjNENuT2ljZ01Mb2R4dVNVcU9SeVRJbUdZWmVGSzlMbW1RPT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000GIFLyIAP
            2⤵
            • Executes dropped EXE
            • Modifies data under HKEY_USERS
            PID:3848
            • C:\Windows\SYSTEM32\cmd.exe
              "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
              3⤵
              • System Time Discovery
              PID:5544
              • C:\Program Files\dotnet\dotnet.exe
                dotnet --list-runtimes
                4⤵
                • System Time Discovery
                PID:3004
          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "d1419905-4332-4dfe-b689-38e13f5b2256" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000GIFLyIAP
            2⤵
            • Executes dropped EXE
            PID:4356
          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "3e60387e-ec1a-4934-a390-2444ef6ab492" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000GIFLyIAP
            2⤵
            • Executes dropped EXE
            PID:5664
          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "d110af32-8e60-4f67-b5a8-93e922dd8eaa" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000GIFLyIAP
            2⤵
            • Executes dropped EXE
            PID:6128
          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "14d40b3f-86c3-4fb5-b32e-6656cafea901" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000GIFLyIAP
            2⤵
            • Executes dropped EXE
            • Modifies registry class
            PID:4864
          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "b4246552-ac85-46c9-80a5-8869baa6207b" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000GIFLyIAP
            2⤵
            • Executes dropped EXE
            PID:2272
            • C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
              "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "49004827-0e77-4ba0-a87c-7dd3c3290026" "b4246552-ac85-46c9-80a5-8869baa6207b" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates" "001Q300000GIFLyIAP"
              3⤵
              • Executes dropped EXE
              PID:5624
          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 49004827-0e77-4ba0-a87c-7dd3c3290026 "1c4a283c-0882-438f-8dad-4c046cbf6e5b" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000GIFLyIAP
            2⤵
            • Executes dropped EXE
            PID:5768

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Config.Msi\e57a876.rbs
          Filesize

          8KB

          MD5

          960819e61f178872a0aa9ed52345cd43

          SHA1

          4fae376683ee55601e7ad62501b208cae71ffff1

          SHA256

          f56012e78791cee2e815697e32b5232ae89b27e267bb9c2165c44fd120aa9852

          SHA512

          90aac030f72ac8adff9bfafdcd3feee2d427929b30a200118445afa28b0c321e8baf1076c320e8038baa0bcb5d395dd7ae7bdc1068165f6edd55dc0dadab480c

          Download Submit

        • C:\Config.Msi\e57a87d.rbs
          Filesize

          9KB

          MD5

          8c841980c5cb5da46762f3e03d98c17f

          SHA1

          852c30d6b2463624ac7dccb470df05304ba963c5

          SHA256

          cf93ccb548956c49d28f78ec7f9051fe53c34b6c0e20bb5175e26f0bb7f19ee1

          SHA512

          a6d139bb3204000574a073fc0baacfd53e50fc44b55ab9ba3055e549dff595c5b1acc08279ba46cab12a8a4d808c5f374a509e166088e3d737806444d46f3321

          Download Submit

        • C:\Config.Msi\e57a885.rbs
          Filesize

          8KB

          MD5

          1c32b6384b27719375d6d3d386153153

          SHA1

          9d94f936d3aa1df5a0187c3636f447308640bda8

          SHA256

          dfdfede7d672fa52016e19d9821dd416805492fc31cf501afbf1d983f140e0b7

          SHA512

          74fc6eccc43c6dadf190c6a9610c28a1a4accf00cb6777b5f4fed64ed1da05ba118dbd295f8136823c1e00a882fdb2108d6d1ea626902235e2f4cef682068508

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
          Filesize

          1KB

          MD5

          3840b31c383fdf49bfd6740d945c9032

          SHA1

          a6f50164a69718bcef4664d7c47534f0d721866a

          SHA256

          1f119f4fda8028b420e70ee1637c65e2b4198b41eb3eb44d911afa6f1a0bbc64

          SHA512

          f5315421d4bc5f08fef4e1449e5799ddf311f08eda317a9eaad8c88c2e7b7c26182bd586c0221ffe5f4112e5d6e05f5d45d2d0382b0ed51ca25aa94d4d95a84d

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
          Filesize

          753B

          MD5

          8298451e4dee214334dd2e22b8996bdc

          SHA1

          bc429029cc6b42c59c417773ea5df8ae54dbb971

          SHA256

          6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

          SHA512

          cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
          Filesize

          142KB

          MD5

          477293f80461713d51a98a24023d45e8

          SHA1

          e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

          SHA256

          a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

          SHA512

          23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
          Filesize

          1KB

          MD5

          b3bb71f9bb4de4236c26578a8fae2dcd

          SHA1

          1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

          SHA256

          e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

          SHA512

          fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
          Filesize

          210KB

          MD5

          c106df1b5b43af3b937ace19d92b42f3

          SHA1

          7670fc4b6369e3fb705200050618acaa5213637f

          SHA256

          2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

          SHA512

          616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
          Filesize

          693KB

          MD5

          2c4d25b7fbd1adfd4471052fa482af72

          SHA1

          fd6cd773d241b581e3c856f9e6cd06cb31a01407

          SHA256

          2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

          SHA512

          f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
          Filesize

          156KB

          MD5

          eeb8806784553b29f5e8ce3f3566c452

          SHA1

          588702edd2cae4fb11558e967ba88f1d4aa0b92e

          SHA256

          aa2322e40481d38df9976c34a564932262ee08e72fd76465adbcc04545beeb8f

          SHA512

          88378e2190d813e788121db814ac9b49ff12e489780cf46cda770794d3edf64075e1c73f2c1efd29265ee71fdcb13a06a0de0c29747773636fd3de28ada6e2d1

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\data\iot_conf.json
          Filesize

          189B

          MD5

          4755d302dac15184b549a5738b17aaa9

          SHA1

          8f59046c99623fb5ad1436fb26a949d5a4589dac

          SHA256

          82bbc68f71e2ed3d7704e48741a26646ca01def4cd418b52b70ad02cf7fbf40a

          SHA512

          bd975bd4b4bb5fa0f1836d8eb9942e9a89d5787a981967e39f7f82ab769d81df07b0f88670547d0a6c09f2b9ac86f038a66d9e5af37ac3d694bb3547954d04d8

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
          Filesize

          156KB

          MD5

          0b7534a49a757d7525f7fc966d6caf5f

          SHA1

          2548a8d4bfe81d194a42a6df1761ab910deccbca

          SHA256

          312755b522a3cb212a2d5e0df2888699c35de233a2dc198c37475e2bf414b0a1

          SHA512

          4d3105e7669093df8364543571d839d0fd573153eed27d82860984797fb30853c3f5fb7707bf97442d4ab71783012fbbb3d9ab1a2d6acbea335f06b756fd4796

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
          Filesize

          51KB

          MD5

          3180c705182447f4bcc7ce8e2820b25d

          SHA1

          ad6486557819a33d3f29b18d92b43b11707aae6e

          SHA256

          5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

          SHA512

          228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
          Filesize

          12B

          MD5

          5114ae785bdc99e7a17bf2cda7d29a72

          SHA1

          3de3b2f755c832b8d5e6c0ec409448e2f559ffd6

          SHA256

          69dffbbca4b0d194104af8f2e0fcf2b8019be844149151b35ac0777a26fda2db

          SHA512

          87243f0b4b8e45408b39d209fa7aaff2a844d58e73c431f7887c90b000fd19b12048987218598945d4faa0fa75fdaea83fc50583175143df737134a2bdd27d03

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
          Filesize

          172KB

          MD5

          acce8b17de63299aa4d5cb7d709beedc

          SHA1

          f0ec4bb9be94ee250ed38e88a87b65e727a9a058

          SHA256

          c46a613d72f89b5886a79b742aa845152505734642188ea710716f63fb775c77

          SHA512

          1fd0eadd36d9058e7bc4ac06108b0430abd5d43bc14100593352fd2f5639547b92bd7ae9691e219a26a90a80e4427dae687a2312dca0a48f71dd3acff9494752

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
          Filesize

          546B

          MD5

          158fb7d9323c6ce69d4fce11486a40a1

          SHA1

          29ab26f5728f6ba6f0e5636bf47149bd9851f532

          SHA256

          5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

          SHA512

          7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
          Filesize

          94KB

          MD5

          ddc6b969b5db1626766381ff12340fa1

          SHA1

          6aaa12b989edaad22e1db21127ddcffd8951930a

          SHA256

          cebe42fbee50769c3cf9ce1adeb4fa85046802b7a298bdeaac3278cf4b653525

          SHA512

          b86d9c2e1234960f6614b6e6d790eeafb093db4cc1c9a2c4fe55ef0d4496d79b673f1b373bedb036d23246fe1d3b7370fc0a195f59508a0566bf101401480f6e

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
          Filesize

          688KB

          MD5

          6eb75a19a6ab8f9de3886261b399a8f7

          SHA1

          7fe98ddec3faa1362167be26b5455283e7777881

          SHA256

          d1a4d5fb2b89a96a3effc149d0a32b72182d37b59414aaf78e202d91cf408a68

          SHA512

          383c477438a3654dcf5eb984626715d14ad6c771692b28326ee2212034f8b70d4430aeae677532c66619883cbe86456602e544f2e0f0a98770f69be3956504c1

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
          Filesize

          27KB

          MD5

          797c9554ec56fd72ebb3f6f6bef67fb5

          SHA1

          40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

          SHA256

          7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

          SHA512

          4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
          Filesize

          214KB

          MD5

          01807774f043028ec29982a62fa75941

          SHA1

          afc25cf6a7a90f908c0a77f2519744f75b3140d4

          SHA256

          9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

          SHA512

          33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
          Filesize

          37KB

          MD5

          601e661fd5917647d8932600560e6a27

          SHA1

          c259050d22ddfccd00434fbdf4660668e45a1d45

          SHA256

          0f1a1f5c257aa061caef7faa224959f60f8e257a5a56ecd02bb9e8be25ea093a

          SHA512

          8a3822fb7a1fa5c08f9ffaa7f3fa91fff2db795ca17d259d3c51264434d86325e20e8398d4e3785e143aee7430a35287112c52a876e163f5ac8fca414e27fbfb

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
          Filesize

          3.4MB

          MD5

          25ee719e8a32a0c5dfc57a5923fe32f2

          SHA1

          f48e0549f5f05476eb780e78f7840a98b4375193

          SHA256

          a5ceb8392d19691cfc565d6de595d829d474b9b095557a55c1d11ba475e82836

          SHA512

          a7483cdd47e71ae7570aff30d2ec9e8017dfe5ba6488a8e14b538912a0e3ab286baf764a13553d30170d874c5f14ea524c5d878131304c74838aa8e0952a2831

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
          Filesize

          387KB

          MD5

          b50005a1a62afa85240d1f65165856eb

          SHA1

          eec370fa998afcd06227dcb1bd5e6e2d36073693

          SHA256

          1867cf4fcb38f7e7fc98ddad180c26a717360df688a8eabd9f325fde3c16f5bd

          SHA512

          63e664a8c12f27ef4c273330a8ce322ceacf12649c2bf61617ed8e394c43bf2ccaf1c2a14e2ce8807c11ce5edd653fc7f942d0f4919923b37e1174a67393dbc4

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
          Filesize

          12B

          MD5

          72133f8b7a6b747d14ad3d4bff8ca002

          SHA1

          476623d1ca063e5f7836dec97384f79e9dd04786

          SHA256

          531efe3fb7cacbc23b12fbef7b426a3eef4b4aca64c20df7637f4abd46cf1fc1

          SHA512

          4292c7513f4843543fdda960271e060648c7690ab48477fce27c00220f5216fc813114078e64886aadcdd5fd42ad96db447856c11fd5954d6b1596b744cd5f2c

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
          Filesize

          64KB

          MD5

          7943db68511c01861ace4845bfa5e7ec

          SHA1

          6afe7dc996937662826edcce445279c9639a0bbb

          SHA256

          30af6292b09dd3eec10dd036fc76a8dc3b8e57bb80482ff45758d7cd41590ed4

          SHA512

          4d8a86fde708db1b31cbc434500f72f392a44d5f6c4a0acef1060815cdb31cac0f6bcdd029297154b65a813ed2f3e7fef073bf3a5d142af0011b937f5a5129db

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
          Filesize

          193KB

          MD5

          c0c8815acf3a7bd323512dfea1b0abf0

          SHA1

          31c42681964ba6e24578105b30c3a3947641c669

          SHA256

          fb33c644cb11c8a0522e7ecec9c529eabdc1080d68bd3c21a6eeb3f6fe2fc425

          SHA512

          47beaa98df6cf7403e9bce455964b5c378d303b959b17253104344fc48e14a09ad5889b20d4aac06c4c1c57f42f5b826e0b71c10f1825fbfffeeb81d36d247fc

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
          Filesize

          52KB

          MD5

          6e034c46991a649567d61b8124d6e59f

          SHA1

          521e87bf75e0e17f6f9ad7805c1babb0c546b97c

          SHA256

          be13a7f910f96b492c76a52ccf52e1d800bbda00236827dcb946759427650254

          SHA512

          c8b5b78674250b1935e8c9bfacfb58318c7541601bdd8da64a388775c743c107900c8699b21838e87b323aba5d2451f94255ca11fb26b5d23c74289e89fe7520

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config
          Filesize

          9KB

          MD5

          9d1528a2ce17522f6de064ae2c2b608e

          SHA1

          2f1ce8b589e57ab300bb93dde176689689f75114

          SHA256

          11c9ad150a0d6c391c96e2b7f8ad20e774bdd4e622fcdfbf4f36b6593a736311

          SHA512

          a19b54ed24a2605691997d5293901b52b42f6af7d6f6fda20b9434c9243cc47870ec3ae2b72bdea0e615f4e98c09532cb3b87f20c4257163e782c7ab76245e94

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config.5648.update
          Filesize

          9KB

          MD5

          14ffcf07375b3952bd3f2fe52bb63c14

          SHA1

          ab2eadde4c614eb8f1f2cae09d989c5746796166

          SHA256

          6ccfdb5979e715d12e597b47e1d56db94cf6d3a105b94c6e5f4dd8bab28ef5ed

          SHA512

          14a32151f7f7c45971b4c1adfb61f6af5136b1db93b50d00c6e1e3171e25b19749817b4e916d023ee1822caee64961911103087ca516cf6a0eafce1d17641fc4

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
          Filesize

          8KB

          MD5

          d7bbd0f7845c0d7f2b5eddbca18f1dd8

          SHA1

          061c529da7736b96be15c545b7835fd44cb2675d

          SHA256

          b4ede87c93452cc5d3593a654bb859c8ccdc06445d422d763a4cdb1950eddb87

          SHA512

          4f38e4de71e943f72938f70e688574e621e72c87277ac95ccc431a5dacb3b5322e24f2ea16175c69b905d2b74839b7e2bcd75a230a94197afb7803b30a1fcfaf

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe.ignore
          Filesize

          2B

          MD5

          81051bcc2cf1bedf378224b0a93e2877

          SHA1

          ba8ab5a0280b953aa97435ff8946cbcbb2755a27

          SHA256

          7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

          SHA512

          1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
          Filesize

          54KB

          MD5

          77c613ffadf1f4b2f50d31eeec83af30

          SHA1

          76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

          SHA256

          2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

          SHA512

          29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
          Filesize

          71KB

          MD5

          00a4d22d776d110adcc63f0c567131c6

          SHA1

          88ebb71c2ddb4733f10107b35aaaa3fbcfa52473

          SHA256

          01dc7b7f54222fa9494bb76a61d81a793a232a39ab2c07e2f0bd12152441f5c0

          SHA512

          b80264cf36b749985e3f03ffb5bc47c07342bea27d547aeed28999d0d6e4f9a207dfbfb0dd2806d5f483a857ea9076a07bf51ee6d87144b6fb4347a829e5de78

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
          Filesize

          50KB

          MD5

          26e9cce4bd85a1fcacbf03a8c3f3ddca

          SHA1

          3f78c454cc72d4c5b2a0f295530391904ec87948

          SHA256

          50f399a3867deab18530f8f3e72d489a15f62d6e250f4f795c7bb735f9522899

          SHA512

          d57c6a799c01a3f67afb3ddedddbd49ecfc17c2347bec24ed85207a846547f6288d2023961edcab67dfc512e0b1da187c475a7d01bb1005a61d337ec4fea0fe0

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
          Filesize

          32KB

          MD5

          38d0c4b048371940f8091f7237a4cafc

          SHA1

          cb6a1ae8a140f9065b587e2e6b140a206eb9f3c5

          SHA256

          b995fec42a185da67cdd84cecd2156d7d35624792e849b0032cd98f23e605717

          SHA512

          ef3c2eab28b55fd893b12a2de7db7f76bf5cc8417e2b0ff3d547439bdd96e0dcfc7e58a5e584aa12f5353a96e72f664e4e00ed422309f91499f43d9372af1813

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
          Filesize

          51KB

          MD5

          6095b43fa565da44e7a818cfb4bacba2

          SHA1

          0613cab68ffb3903a18ed5f4967d52b4815d2499

          SHA256

          9fbc99e85f5fa709d0d21854d4fe1fd420c7dec8ec1f7105be74eeb282effc8c

          SHA512

          d0a27917f420968355af04d572d597f83d8011a86e9c32546c0a7be493556ae0618894dda04cadc935a16264d7685823425d1e57f1a0873f0119a74664f88956

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
          Filesize

          588KB

          MD5

          17d74c03b6bcbcd88b46fcc58fc79a0d

          SHA1

          bc0316e11c119806907c058d62513eb8ce32288c

          SHA256

          13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

          SHA512

          f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

          Download Submit

        • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
          Filesize

          215B

          MD5

          e81724a8c2c7ceb73cf55ed13caec47f

          SHA1

          55c48513dcaba3bc22bc7d5dde4f5a174ad9070f

          SHA256

          339bb3d125752e113744a0ccc4536f841e86516228fd0f443fd202a311a3d1af

          SHA512

          470c4e6d12f5548fa79d26ac3d3d38d5d1729076ccf6aa8355b50fcc58623196776354b0f92dfe30bac005477663ca5159c7f76ad71de5362503b321223cf4db

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
          Filesize

          287B

          MD5

          fcad4da5d24f95ebf38031673ddbcdb8

          SHA1

          3f68c81b47e6b4aebd08100c97de739c98f57deb

          SHA256

          7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

          SHA512

          1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
          Filesize

          7KB

          MD5

          362ce475f5d1e84641bad999c16727a0

          SHA1

          6b613c73acb58d259c6379bd820cca6f785cc812

          SHA256

          1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

          SHA512

          7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
          Filesize

          1.9MB

          MD5

          b110ba42ca8d339b18293ac3f1e94f03

          SHA1

          e21ac41d052159076b34823d2653db0decdf7f8c

          SHA256

          c860712a06a55cdddfed7a9f86f0df36da1e475b9901148d07d5b02331ba0f77

          SHA512

          d81efa032f3ff5edc247440cff1e911a82230b757c02534209fead7ecf630fe5308f9a32a78cc229f175cb447735d539eb61039bfb4ff9f8e77b8dbccda2b0ba

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
          Filesize

          1.1MB

          MD5

          9a9b1fd85b5f1dcd568a521399a0d057

          SHA1

          34ed149b290a3a94260d889ba50cb286f1795fa6

          SHA256

          88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

          SHA512

          7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
          Filesize

          375KB

          MD5

          62ba835da9186b6f9aba75db02bda457

          SHA1

          73cf400d8ca1e32dc336344778e43ba5f077659a

          SHA256

          3f7e666c873a00e2fc36561ca3c6554d64ee592ca6d7aae44c1d578a4ba952c0

          SHA512

          ad12ddcf069b1e41895c6fe95b4206afd5e41fc36078323b0cf5084a90322106366b1058fd19f4a7a2e3298b59ee06cf8db75dfcedac3377211216a81dd86cd9

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
          Filesize

          321KB

          MD5

          d3901e62166e9c42864fe3062cb4d8d5

          SHA1

          c9c19eec0fa04514f2f8b20f075d8f31b78bae70

          SHA256

          dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

          SHA512

          ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
          Filesize

          814KB

          MD5

          9b1f97a41bfb95f148868b49460d9d04

          SHA1

          768031d5e877e347a249dfdeab7c725df941324b

          SHA256

          09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

          SHA512

          9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
          Filesize

          1.2MB

          MD5

          de647c2003b0af989d2e87782cbddcd4

          SHA1

          bedc6201c49e8b26af38d4a81af7545abe4e27cd

          SHA256

          74732e18b4d2e436952d9bf13affb854d570e2e7bd25f5ae6884195a4343a697

          SHA512

          34438f6376d283b6e5d1d2e60b2a2a8411641e2eb89acc173d0db409645fa37d1d67ed47899ada434e9bebf054867d8eaef14beafabc116e30a76622d2796a4e

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
          Filesize

          48KB

          MD5

          3094a694adb5f0e929fb51ef7f42a162

          SHA1

          449a39d4da4ba03cfbf1cc862613aba535971b32

          SHA256

          3f08d39a2f4517daf28e79e522f5289f6ffc69d97ef6dd730a2569018a17527b

          SHA512

          132aa1aeb94b7fb8a88ea7ffaabb5fcc7be4f3f6da9ad399c0d35d7ddb6b052456de0a9b3fd78358b69f4d3a6f79376626d8c13a723b1e1d7327c8490b79a9c0

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
          Filesize

          48KB

          MD5

          46933e0e2f89b839c7d8208f8ddb4d22

          SHA1

          d2d091dc6463e69e3bf07b9bf2b1a992ea786ba9

          SHA256

          914b50f2a7dfcc739370709c4e67301d88f031c9427e29b28af13ad87309754e

          SHA512

          fa15ae2bd411f046f4bc860a96d35a74f9709fa5c9f2379b9ed26660f4b1f23264ec1435b0ef4e985800965184f050c340c69f04ec9ee66507eb591ece0642ba

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
          Filesize

          2.8MB

          MD5

          19873920e6979231111e46dd7499f174

          SHA1

          02141edab9cb1332950818e4f70adf5af4a8885b

          SHA256

          5e63eca0e9b28edf89b1243cbe91d0581ec54312f9cefe24f2d503cdde53bffc

          SHA512

          76f7ef080d0fefe0495ad97cc98e83daee63eba76de5440491dcaa388c8ebe3098babfe6293bae4c18bdaed981f2da3d79c66258820c206e554da882cb3917e4

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement.zip
          Filesize

          2.6MB

          MD5

          87e0691d3b8dcb446aff3c1a43bf53f1

          SHA1

          572385f4de28c78487811fc20dbb1ddb95dd7d49

          SHA256

          3e9f7558b5671e5125da7c6c1975e49c907df16518d899afa7fb111526b2da3e

          SHA512

          70d8184657e4172c64d6d876d2c99553a8bfed0ba5f25c3f5ad3a381d509a4c6f75bb95f1973b91d3b2e387d7af615acc2930a23842ee90180b5eccaaf74fdd9

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
          Filesize

          1.1MB

          MD5

          6c6f85e896655a6eb726482f04c49086

          SHA1

          2e0c55cd4894117428b34d21a1d53738fce4b02c

          SHA256

          e109400a93fede90201bbf37c1868c789888bce9d03a4ae5b46c48599939c34e

          SHA512

          b58303c149deffc9e374d5ba42a8a73b7ce890d35f9589fe0b09acec541a21d589d49fa5086b965277fa22dfe308357505124f13a6ff1e0de415ebc40ce61e15

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
          Filesize

          334KB

          MD5

          e27812c62b44d50108046aed9727ca73

          SHA1

          8b8b8b6d7408f90276d316c6ee87c8c3d4709d60

          SHA256

          9ebc30153a86eed1f8785709b941b6141aea67f7e2483cbf2abbee556e873203

          SHA512

          89636345624539c81394694f3acfc308ed97a5331abf1035e4ac983dbac18414151d6346171ca7fb0fecd1a53f16e0a7b66ceaaf9736c30475b1ce98a0d2d402

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
          Filesize

          623KB

          MD5

          767d5dd4ad2d6a3e0ff3e45db47a9657

          SHA1

          982a2af2c94ae33cfb240a30a1c6433e5e5689df

          SHA256

          156218f309caf003096cb28c2ffcd74a0989e4fd0207e485a3292a4d8d1c48ed

          SHA512

          e8104b3622bf07059131f3f0a8dc9ea44c7b0e32213f534aeae229f000b01425b72955197dc776f1b5750fae2beaae888a2ea1d62b1630d3fc5d79b4c57317d2

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.ini
          Filesize

          12B

          MD5

          b1de0ef19266a86b8f7a2bcd03ecd23b

          SHA1

          ab91c344bfecef0cdb73119d4c5c72baa8cd21e7

          SHA256

          50578eb887b529fb77afaa4f3a888eca57e2d640f4789bbee470f1eff04deb7f

          SHA512

          656c69ff2c62f2704ac409aa3b04cb78b9767fe908bd0be4c6977a469b68d7c5f83b786ee915becf5244e70892a48a92b9d0ca9a767ea329b63a6ead98f9f274

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
          Filesize

          3.1MB

          MD5

          b839d30f8183b3b4f2cdee659c675f7b

          SHA1

          fa25990ccd7456f679fac2a97a7bd5010f27e4df

          SHA256

          d7e6ac84b1533fd85c9394b1c37e14a49c0040647511783cff0ebf0b3aaa5a6a

          SHA512

          5f0af1aec2c5a76b87482bf7512fb504e8e94a4ed99cbb47eb69bfd4d4b82424d2fbbce790cc1e95b92a71b35adf61d1257e1375e95441784b509301ddbbecb9

          Download Submit

        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
          Filesize

          568KB

          MD5

          8c3a8b04727329ae1b41873e81f360ed

          SHA1

          ef4647dab3a94ef49769fc35ded7c9dd2e506a8f

          SHA256

          ef5e5d94d5eacdcede92fb99fc3439edd44fe53e352abe058fbb46e43066ab6d

          SHA512

          a47d96a9c97c6c6a5972182c5797c0b1b6a15b9dc7017cfe7798061540c5c686426473ba502b2949d0aa16547d92758e735bcf8cda1c09a0326b14479239a6bb

          Download Submit

        • C:\ProgramData\chocolatey\config\chocolatey.config
          Filesize

          809B

          MD5

          8b6737800745d3b99886d013b3392ac3

          SHA1

          bb94da3f294922d9e8d31879f2d145586a182e19

          SHA256

          86f10504ca147d13a157944f926141fe164a89fa8a71847458bda7102abb6594

          SHA512

          654dda9b645b4900ac6e5bb226494921194dab7de71d75806f645d9b94ed820055914073ef9a5407e468089c0b2ee4d021f03c2ea61e73889b553895e79713df

          Download Submit

        • C:\ProgramData\chocolatey\logs\chocolatey.log
          Filesize

          12KB

          MD5

          ac395cb086bb2c65ee176d4e3e7fd95c

          SHA1

          db70f7ba51336f85dbc254fc9040ecbf04a873b2

          SHA256

          1c8d953aff18879e259bddea85b780411929bfa0a85fd0d03585d3f60e21622f

          SHA512

          0c56aa29fc5061fe7754fd4f9109480360699874343d84be2284cec7f3ac8f1946894f67d3cb00fdb3add775cea427d5f366d136e3d3e7a6a8bd96901ec13a85

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
          Filesize

          471B

          MD5

          20069500756a1a645a477c9e9d57e4d0

          SHA1

          7d5d14a9feec763954a936318f1d9890b728622a

          SHA256

          0b9c59cbdac33da5e2b39a0be1bf9d5861e0188c0442cf300fcdc70cbf9a3cb7

          SHA512

          29ee4033c4552dde83f70d5038593efb9eb5f1afd19edbf003d3996f0615552189f9f9d08ad36628a0da1e82a10efc82233f543a0bc4d622923632228854f91a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
          Filesize

          727B

          MD5

          b92aa610f8c73ca117e1d577a237542a

          SHA1

          e68b161005cc00daba683e3fecfdc20162619e3e

          SHA256

          84acb90a50b5e306d45da36c0f242e0614b4a7b376253895b5af76da64ddb782

          SHA512

          3fa3aa2d085a87da60d05a5986126d942cf82725681dc06fe611a8e0f4e6984984feb40b1ba60f8ba4b9f88fac370ae75f6da5e194e4d0315e163ec8428f7056

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
          Filesize

          727B

          MD5

          c210f6689aca680446c0d8ecdef2e46b

          SHA1

          66cba496d984f92fed05f77101c45734f193e211

          SHA256

          8f8540c24fcc6ddfddbcabf8f028f8052addf41601d5226ffe378a6e7d4caf5d

          SHA512

          9c62a6b2a129a50e2094566d88acd7c25ee29600ed1596e6972f684edd48d11366605dca0d90133d489b51eb38bbb6c1a5ad68d0ec9f81c8d23055d03e9540b3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
          Filesize

          400B

          MD5

          811cb1d6206917ab59bb2c493cdbaaf6

          SHA1

          80d7799b60f21a07b951c54b5dc3dc500e802ff4

          SHA256

          292d7d79e7a20c1904b668b5b35e13c726b004f12992bc9ab6fda3998e1b6ed9

          SHA512

          7c8d02e413845ec38beeb7ad2f0311801ff35c4080e57fce864d5ba7c50bf61af1c20a66acd6f7d38ff6f966a2185ee8ab291c03783a5f5bc6cc5be411bf5940

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
          Filesize

          404B

          MD5

          e82181bcb49319b9bed1d2812062a00b

          SHA1

          93001214e930cc0309cae585633e3cb3d86088b0

          SHA256

          51d2cce4c891eb307a2d45ba6bffbe666a9fd6786ca7a23d6c61f6d1b53bc4f9

          SHA512

          3a2932cbc7ac86aa013c89aa881526a63641002c676dc5930baa0de2167e35ab2dda5524ee7ac921a8cac232498f6d6590b13e59a771c76c2cdf003a9e1ad70b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
          Filesize

          412B

          MD5

          f9be9a0d4bf75d83e715d1eceebdb100

          SHA1

          42ecce3f86d4eabe79a1a61096cf1b69638a8e75

          SHA256

          614b5c6aba1a6e66c30c1f7a824340db9e12f31ae4a331d036c92079175cdbe3

          SHA512

          39c43bca609a4616d67cf19847bf4708bfde3df3b48b1e1442023ec396d04a163172a689f99553729f1adecc366de1f0827f6dac80e93dfaa903705e2296db1d

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
          Filesize

          651B

          MD5

          9bbfe11735bac43a2ed1be18d0655fe2

          SHA1

          61141928bb248fd6e9cd5084a9db05a9b980fb3a

          SHA256

          549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

          SHA512

          a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

          Download Submit

        • C:\Windows\Installer\MSI5CD9.tmp-\System.Management.dll
          Filesize

          60KB

          MD5

          878e361c41c05c0519bfc72c7d6e141c

          SHA1

          432ef61862d3c7a95ab42df36a7caf27d08dc98f

          SHA256

          24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

          SHA512

          59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

          Download Submit

        • C:\Windows\Installer\MSIA8F2.tmp
          Filesize

          509KB

          MD5

          88d29734f37bdcffd202eafcdd082f9d

          SHA1

          823b40d05a1cab06b857ed87451bf683fdd56a5e

          SHA256

          87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

          SHA512

          1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

          Download Submit

        • C:\Windows\Installer\MSIA8F2.tmp-\AlphaControlAgentInstallation.dll
          Filesize

          25KB

          MD5

          aa1b9c5c685173fad2dabebeb3171f01

          SHA1

          ed756b1760e563ce888276ff248c734b7dd851fb

          SHA256

          e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

          SHA512

          d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

          Download Submit

        • C:\Windows\Installer\MSIA8F2.tmp-\Microsoft.Deployment.WindowsInstaller.dll
          Filesize

          179KB

          MD5

          1a5caea6734fdd07caa514c3f3fb75da

          SHA1

          f070ac0d91bd337d7952abd1ddf19a737b94510c

          SHA256

          cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

          SHA512

          a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

          Download Submit

        • C:\Windows\Installer\MSIAC10.tmp-\CustomAction.config
          Filesize

          1KB

          MD5

          bc17e956cde8dd5425f2b2a68ed919f8

          SHA1

          5e3736331e9e2f6bf851e3355f31006ccd8caa99

          SHA256

          e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

          SHA512

          02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

          Download Submit

        • C:\Windows\Installer\MSIAC10.tmp-\Newtonsoft.Json.dll
          Filesize

          695KB

          MD5

          715a1fbee4665e99e859eda667fe8034

          SHA1

          e13c6e4210043c4976dcdc447ea2b32854f70cc6

          SHA256

          c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

          SHA512

          bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

          Download Submit

        • C:\Windows\Installer\MSIB133.tmp
          Filesize

          211KB

          MD5

          a3ae5d86ecf38db9427359ea37a5f646

          SHA1

          eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

          SHA256

          c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

          SHA512

          96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

          Download Submit

        • C:\Windows\Installer\e57a875.msi
          Filesize

          2.9MB

          MD5

          305302b116cf1affd6662385b845fad7

          SHA1

          de4d88c3f376f749b21a8eeb572a80bc481637b0

          SHA256

          fab822cc1d5b10a959de748250badb0f1244964942814046b74c41b8887c8c00

          SHA512

          a43452440d5b37176bba6e61c5c58e33dcf881c08cd7275826e6213bb8a39efdff2def3e95770c41ce1445692d55cb8665c0fd00d77808ec99574ba17624725a

          Download Submit

        • C:\Windows\Temp\Tmp5445.tmp
          Filesize

          3KB

          MD5

          560af444a6a7faa0b0ca94dc16ca2a58

          SHA1

          df31453fafde354870a0a9a8ca50b18e284c32e4

          SHA256

          94739ca46676bd602a78671257fbfce39feaabc9664c6326bf4970a0108e3429

          SHA512

          7c853176c088d56a517e52c6687b6debf08f6f9726376720ade9d13fafc9be0ca72f0f2b35562a61ece653aeb789c838c60447f463b2bbe70c21bfc8c039b681

          Download Submit

        • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
          Filesize

          404B

          MD5

          dec7537cd01f9e6b551da9b3053dc9f9

          SHA1

          77664e8bdded9edb0b5e5a2d47dc9467d6516daa

          SHA256

          4084ac3c20041ace92105dbd016ad6651031cec263c362b694ea1c42d4ed8052

          SHA512

          1f4c0559201e287dc5ffb20b13b59bda72b8236eb6583c25cd4e25a9e9fc52c0e853f04f4841b304f3bfa519aac2ce8b2af99e7eb20c96387219de3fd1ec1f51

          Download Submit

        • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
          Filesize

          412B

          MD5

          78cfffeb2aecd93cca81e1b267eb84a6

          SHA1

          e391a24fcf92b6ebfa7870df27639c7ce12d9b76

          SHA256

          bedaedf76747be83e8b201844e8aefc7ee24dc19f9a567dea47187d5c6612566

          SHA512

          ab62cf626647caa3275ab079c419eab25d24c7f07ead55b19937118a8e6833294fc5d3f7ac0f0af25e48a31f6eb1541aef3c37f1916c539be6073334eca29635

          Download Submit

        • memory/1704-284-0x000002D542900000-0x000002D54292E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/1800-110-0x0000000005150000-0x00000000051B6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2068-1049-0x000001034DD20000-0x000001034E248000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2068-981-0x0000010334460000-0x000001033446A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2068-995-0x0000010334CA0000-0x0000010334CBA000-memory.dmp

          Filesize

          104KB

          Download

        • memory/2068-1026-0x000001034D630000-0x000001034D6E2000-memory.dmp

          Filesize

          712KB

          Download

        • memory/2252-449-0x0000015CD3540000-0x0000015CD3566000-memory.dmp

          Filesize

          152KB

          Download

        • memory/2344-39-0x0000000003180000-0x00000000031AE000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2344-148-0x0000029B69A60000-0x0000029B69A88000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2344-165-0x0000029B6BFA0000-0x0000029B6BFDC000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2344-43-0x00000000031B0000-0x00000000031BC000-memory.dmp

          Filesize

          48KB

          Download

        • memory/2344-164-0x0000029B6B610000-0x0000029B6B622000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2344-160-0x0000029B6C040000-0x0000029B6C0D8000-memory.dmp

          Filesize

          608KB

          Download

        • memory/2616-803-0x00000218A21A0000-0x00000218A2252000-memory.dmp

          Filesize

          712KB

          Download

        • memory/2616-750-0x0000021889820000-0x000002188983C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/2616-738-0x0000021888FE0000-0x0000021888FF0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2616-867-0x00000218A20E0000-0x00000218A2146000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3680-820-0x000001325A420000-0x000001325A43C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/3680-905-0x0000013272DE0000-0x0000013272E92000-memory.dmp

          Filesize

          712KB

          Download

        • memory/3680-819-0x0000013259BD0000-0x0000013259BE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3680-1036-0x000001325A4C0000-0x000001325A514000-memory.dmp

          Filesize

          336KB

          Download

        • memory/3728-289-0x0000029891150000-0x000002989116C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/3728-287-0x00000298A9900000-0x00000298A99B0000-memory.dmp

          Filesize

          704KB

          Download

        • memory/3824-79-0x0000000004A00000-0x0000000004A22000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3824-80-0x0000000004B30000-0x0000000004E84000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/3824-76-0x0000000004A70000-0x0000000004B22000-memory.dmp

          Filesize

          712KB

          Download

        • memory/4192-201-0x00000200FAEE0000-0x00000200FAF92000-memory.dmp

          Filesize

          712KB

          Download

        • memory/4192-205-0x00000200FAE20000-0x00000200FAE42000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4192-241-0x00000200FB3E0000-0x00000200FB418000-memory.dmp

          Filesize

          224KB

          Download

        • memory/4488-354-0x000001FC5C720000-0x000001FC5C74A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/4488-348-0x000001FC5C970000-0x000001FC5CA4C000-memory.dmp

          Filesize

          880KB

          Download

        • memory/4488-344-0x000001FC5C630000-0x000001FC5C67C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/4488-346-0x000001FC43970000-0x000001FC43978000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4488-345-0x000001FC5C680000-0x000001FC5C6C8000-memory.dmp

          Filesize

          288KB

          Download

        • memory/4488-347-0x000001FC439A0000-0x000001FC439AA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/4488-352-0x000001FC5C6E0000-0x000001FC5C6E8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4488-353-0x000001FC5C890000-0x000001FC5C8F8000-memory.dmp

          Filesize

          416KB

          Download

        • memory/4628-341-0x0000019BEE5C0000-0x0000019BEE624000-memory.dmp

          Filesize

          400KB

          Download

        • memory/4628-342-0x0000019BEEEB0000-0x0000019BEEEFA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/4628-343-0x0000019BEEE80000-0x0000019BEEE9C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/4628-355-0x0000019BEFC20000-0x0000019BEFC5A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/4628-356-0x0000019BEF9D0000-0x0000019BEF9F6000-memory.dmp

          Filesize

          152KB

          Download

        • memory/4628-350-0x0000019BEEF40000-0x0000019BEEF48000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4628-351-0x0000019BEF820000-0x0000019BEF828000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4628-349-0x0000019BEFB60000-0x0000019BEFC12000-memory.dmp

          Filesize

          712KB

          Download

        • memory/4720-1395-0x000001EB75240000-0x000001EB75248000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4720-484-0x000001EB74F20000-0x000001EB74F46000-memory.dmp

          Filesize

          152KB

          Download

        • memory/5136-1023-0x00000191A66E0000-0x00000191A66EC000-memory.dmp

          Filesize

          48KB

          Download

        • memory/5136-1028-0x00000191A6F70000-0x00000191A6FBA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/5136-1128-0x00000191A7030000-0x00000191A704A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/5136-1031-0x00000191A6B70000-0x00000191A6B8C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/5136-1045-0x00000191BFAB0000-0x00000191BFB60000-memory.dmp

          Filesize

          704KB

          Download

        • memory/5136-1058-0x00000191BFC40000-0x00000191BFD1C000-memory.dmp

          Filesize

          880KB

          Download

        • memory/5236-1281-0x00000000049F0000-0x0000000004D44000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/5336-894-0x00000135391D0000-0x000001353920A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/5336-1186-0x0000013552330000-0x0000013552340000-memory.dmp

          Filesize

          64KB

          Download

        • memory/5336-1038-0x00000135522C0000-0x00000135522DC000-memory.dmp

          Filesize

          112KB

          Download

        • memory/5336-1041-0x0000013552350000-0x0000013552398000-memory.dmp

          Filesize

          288KB

          Download

        • memory/5336-1189-0x0000013553190000-0x00000135531B8000-memory.dmp

          Filesize

          160KB

          Download

        • memory/5336-1037-0x0000013552410000-0x00000135524C2000-memory.dmp

          Filesize

          712KB

          Download

        • memory/5432-941-0x0000021B6C780000-0x0000021B6C79C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/5432-1029-0x0000021B6D360000-0x0000021B6D412000-memory.dmp

          Filesize

          712KB

          Download

        • memory/5432-1021-0x0000021B6D280000-0x0000021B6D35C000-memory.dmp

          Filesize

          880KB

          Download

        • memory/5432-1034-0x0000021B6C7A0000-0x0000021B6C7A8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/5432-870-0x0000021B6C7B0000-0x0000021B6C7FA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/5432-822-0x0000021B6BF40000-0x0000021B6BF50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/5464-1046-0x00000190F6DC0000-0x00000190F6E72000-memory.dmp

          Filesize

          712KB

          Download

        • memory/5464-1025-0x00000190F59B0000-0x00000190F59C2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/5464-1050-0x00000190F6F60000-0x00000190F703C000-memory.dmp

          Filesize

          880KB

          Download

        • memory/5464-1033-0x00000190F5E70000-0x00000190F5E8C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/5464-1130-0x00000190F6450000-0x00000190F646A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/5464-1030-0x00000190F5EA0000-0x00000190F5EEA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/5648-1024-0x0000028A37EB0000-0x0000028A37EC0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/5648-1133-0x0000028A51DF0000-0x0000028A51E66000-memory.dmp

          Filesize

          472KB

          Download

        • memory/5648-1048-0x0000028A38790000-0x0000028A387D6000-memory.dmp

          Filesize

          280KB

          Download

        • memory/5648-1032-0x0000028A51090000-0x0000028A51142000-memory.dmp

          Filesize

          712KB

          Download

        • memory/5648-1132-0x0000028A51D20000-0x0000028A51D70000-memory.dmp

          Filesize

          320KB

          Download

        • memory/5648-1047-0x0000028A52230000-0x0000028A5288C000-memory.dmp

          Filesize

          6.4MB

          Download

        • memory/5648-1027-0x0000028A38330000-0x0000028A38340000-memory.dmp

          Filesize

          64KB

          Download

        • memory/5648-1035-0x0000028A38720000-0x0000028A3873C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/5648-1134-0x0000028A38870000-0x0000028A3888E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/5656-856-0x0000017A21FB0000-0x0000017A21FBC000-memory.dmp

          Filesize

          48KB

          Download

        • memory/5656-903-0x0000017A22470000-0x0000017A22488000-memory.dmp

          Filesize

          96KB

          Download

        • memory/5656-961-0x0000017A22940000-0x0000017A2295C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/5656-938-0x0000017A3B180000-0x0000017A3B232000-memory.dmp

          Filesize

          712KB

          Download

        • memory/6004-1019-0x0000022A287C0000-0x0000022A287DC000-memory.dmp

          Filesize

          112KB

          Download

        • memory/6004-977-0x0000022A41100000-0x0000022A411B2000-memory.dmp

          Filesize

          712KB

          Download

        • memory/6004-937-0x0000022A27F60000-0x0000022A27F76000-memory.dmp

          Filesize

          88KB

          Download

        • memory/6100-940-0x00000210F6390000-0x00000210F63C4000-memory.dmp

          Filesize

          208KB

          Download

        • memory/6100-978-0x00000210F6C70000-0x00000210F6CBA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/6100-1022-0x00000210F6E40000-0x00000210F6E8A000-memory.dmp

          Filesize

          296KB

          Download

        • memory/6100-994-0x00000210F6C20000-0x00000210F6C2A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/6100-993-0x00000210F6C40000-0x00000210F6C58000-memory.dmp

          Filesize

          96KB

          Download

        • memory/6100-992-0x00000210F6790000-0x00000210F67AC000-memory.dmp

          Filesize

          112KB

          Download

        • memory/6100-1044-0x00000210F78C0000-0x00000210F799C000-memory.dmp

          Filesize

          880KB

          Download

        • memory/6100-1042-0x00000210F7720000-0x00000210F77D2000-memory.dmp

          Filesize

          712KB

          Download