Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    24-09-2024 16:01

General

  • Target

    file.exe

  • Size

    1.8MB

  • MD5

    749bd6bf56a6d0ad6a8a4e5712377555

  • SHA1

    6e4ff640a527ed497505c402d1e7bdb26f3dd472

  • SHA256

    e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3

  • SHA512

    250f1825f5d2577124606818a8c370bb862d74dfebddd8c25ec2b43448626b583e166e101f65ebe12b66b8767af7ad75a8d9f5a3afd4e10f4dd3e6239efe9a7d

  • SSDEEP

    49152:UkQletNpj4NmwF1tBE6BAfTm9k9MJsuAfChboFtcZo:UFletXjoD1tBEc90XCo6Zo

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

group

C2

http://94.131.119.184:443/agent.ashx

Attributes
  • mesh_id

    0x1BB80B7BD3F37219BF6F79BEE0A08A00B90168972309CA4BFD812814A9F980439E71B51CC08CC59D904B5AED18647DD0

  • server_id

    B13800B3094163CC81EA68335E6D9A9B98350B3D697F92D49A06C6ADC9519150B766816EBC90ED105D4749F3F47F60B6

  • wss

    wss://94.131.119.184:443/agent.ashx

Signatures

  • Detects MeshAgent payload 1 IoCs
  • MeshAgent

    MeshAgent is an open source remote access trojan written in C++.

  • Sets service image path in registry 2 TTPs 1 IoCs
  • Executes dropped EXE 12 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 26 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Users\Admin\AppData\Roaming\MSIX\meshagent32-group.exe
      "C:\Users\Admin\AppData\Roaming\MSIX\meshagent32-group.exe" -fullinstall
      2⤵
      • Sets service image path in registry
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:2400
  • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
    "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:2576
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:2744
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:3020
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2648
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:2556
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2656
  • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
    "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:1992
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1972
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1924
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:2704
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2932
  • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
    "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of WriteProcessMemory
    PID:1444
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:608
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1372
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2160
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:344
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:876
  • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
    "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2080
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:1732
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2724
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2608
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:2488
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2508
  • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
    "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2604
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:2656
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2312
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2284
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:2384
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1908
  • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
    "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2832
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:2820
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1692
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2060
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1148
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:1040
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1612
  • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
    "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2092
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:496
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2440
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2260
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2612
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:2252
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2492
  • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
    "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2564
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:1412
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2444
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1748
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:2704
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1788
  • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
    "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:608
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:2276
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1976
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      PID:2152
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:876
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      PID:1988
  • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
    "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:3012
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:2636
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2720
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2508
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:2124
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2860
  • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
    "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2956

      Network

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Program Files (x86)\Mesh Agent\MeshAgent.db

        Filesize

        271KB


      • C:\Program Files (x86)\Mesh Agent\MeshAgent.db

        Filesize

        388KB


      • C:\Program Files (x86)\Mesh Agent\MeshAgent.db

        Filesize

        153KB


      • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

        Filesize

        1KB


      • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

        Filesize

        1KB


      • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

        Filesize

        1KB


      • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

        Filesize

        1KB


      • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

        Filesize

        1KB


      • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

        Filesize

        1KB


      • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

        Filesize

        1KB


      • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

        Filesize

        703B


      • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

        Filesize

        870B


      • C:\Program Files (x86)\Mesh Agent\MeshAgent.msh

        Filesize

        31KB


      • \Users\Admin\AppData\Roaming\MSIX\meshagent32-group.exe

        Filesize

        3.7MB

        MD5

        e8bd5c14b8301039e7538298d26cf09b

        SHA1

        4702252fef2156b59ad61f1f397b205323b339c4

        SHA256

        f32426d0fc71a3a054f0fe263133aabeb25c9d7d129238cfcfc0c1a40854c67e

        SHA512

        7108e6379e9e2698dbac52549b5fc81d7b3c5bb02d4d3574b7be9e8ab9f6f473513e651c1ce0809d74273f02e837c36032666f739c05b71fa732899360b77cee