Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    25-09-2024 02:43

General

  • Target

    e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3.exe

  • Size

    1.8MB

  • MD5

    749bd6bf56a6d0ad6a8a4e5712377555

  • SHA1

    6e4ff640a527ed497505c402d1e7bdb26f3dd472

  • SHA256

    e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3

  • SHA512

    250f1825f5d2577124606818a8c370bb862d74dfebddd8c25ec2b43448626b583e166e101f65ebe12b66b8767af7ad75a8d9f5a3afd4e10f4dd3e6239efe9a7d

  • SSDEEP

    49152:UkQletNpj4NmwF1tBE6BAfTm9k9MJsuAfChboFtcZo:UFletXjoD1tBEc90XCo6Zo

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

group

C2

http://94.131.119.184:443/agent.ashx

Attributes
  • mesh_id

    0x1BB80B7BD3F37219BF6F79BEE0A08A00B90168972309CA4BFD812814A9F980439E71B51CC08CC59D904B5AED18647DD0

  • server_id

    B13800B3094163CC81EA68335E6D9A9B98350B3D697F92D49A06C6ADC9519150B766816EBC90ED105D4749F3F47F60B6

  • wss

    wss://94.131.119.184:443/agent.ashx

Signatures

  • Detects MeshAgent payload 1 IoCs
  • MeshAgent

    MeshAgent is an open source remote access trojan written in C++.

  • Sets service image path in registry 2 TTPs 1 IoCs
  • Executes dropped EXE 13 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 28 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 35 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3.exe
    "C:\Users\Admin\AppData\Local\Temp\e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Users\Admin\AppData\Roaming\MSIX\meshagent32-group.exe
      "C:\Users\Admin\AppData\Roaming\MSIX\meshagent32-group.exe" -fullinstall
      2⤵
      • Sets service image path in registry
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:2632
  • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
    "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:2648
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:1908
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:1084
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2096
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic SystemEnclosure get ChassisTypes
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:2904
    • C:\Windows\SysWOW64\wbem\wmic.exe
      wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
      2⤵
        PID:2772
    • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
      "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Suspicious use of WriteProcessMemory
      PID:1948
      • C:\Windows\SysWOW64\wbem\wmic.exe
        wmic SystemEnclosure get ChassisTypes
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        PID:1448
      • C:\Windows\SysWOW64\wbem\wmic.exe
        wmic os get oslanguage /FORMAT:LIST
        2⤵
        • System Location Discovery: System Language Discovery
        PID:2176
      • C:\Windows\SysWOW64\wbem\wmic.exe
        wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
        2⤵
        • System Location Discovery: System Language Discovery
        PID:2172
      • C:\Windows\SysWOW64\wbem\wmic.exe
        wmic SystemEnclosure get ChassisTypes
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        PID:2144
      • C:\Windows\SysWOW64\wbem\wmic.exe
        wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
        2⤵
        • System Location Discovery: System Language Discovery
        PID:2156
    • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
      "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Suspicious use of WriteProcessMemory
      PID:1724
      • C:\Windows\SysWOW64\wbem\wmic.exe
        wmic SystemEnclosure get ChassisTypes
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        PID:1688
      • C:\Windows\SysWOW64\wbem\wmic.exe
        wmic os get oslanguage /FORMAT:LIST
        2⤵
        • System Location Discovery: System Language Discovery
        PID:1972
      • C:\Windows\SysWOW64\wbem\wmic.exe
        wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
        2⤵
        • System Location Discovery: System Language Discovery
        PID:760
      • C:\Windows\SysWOW64\wbem\wmic.exe
        wmic SystemEnclosure get ChassisTypes
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        PID:696
      • C:\Windows\SysWOW64\wbem\wmic.exe
        wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
        2⤵
          PID:1432
      • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
        "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
        1⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        PID:2668
        • C:\Windows\SysWOW64\wbem\wmic.exe
          wmic SystemEnclosure get ChassisTypes
          2⤵
          • Modifies data under HKEY_USERS
          PID:2836
        • C:\Windows\SysWOW64\wbem\wmic.exe
          wmic os get oslanguage /FORMAT:LIST
          2⤵
          • System Location Discovery: System Language Discovery
          PID:2540
        • C:\Windows\SysWOW64\wbem\wmic.exe
          wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
          2⤵
          • System Location Discovery: System Language Discovery
          PID:1224
        • C:\Windows\SysWOW64\wbem\wmic.exe
          wmic SystemEnclosure get ChassisTypes
          2⤵
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          PID:1600
        • C:\Windows\SysWOW64\wbem\wmic.exe
          wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
          2⤵
          • System Location Discovery: System Language Discovery
          PID:2624
      • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
        "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
        1⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        PID:2708
        • C:\Windows\SysWOW64\wbem\wmic.exe
          wmic SystemEnclosure get ChassisTypes
          2⤵
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          PID:2932
        • C:\Windows\SysWOW64\wbem\wmic.exe
          wmic os get oslanguage /FORMAT:LIST
          2⤵
          • System Location Discovery: System Language Discovery
          PID:2604
        • C:\Windows\SysWOW64\wbem\wmic.exe
          wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
          2⤵
          • System Location Discovery: System Language Discovery
          PID:1680
        • C:\Windows\SysWOW64\wbem\wmic.exe
          wmic SystemEnclosure get ChassisTypes
          2⤵
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          PID:2336
        • C:\Windows\SysWOW64\wbem\wmic.exe
          wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
          2⤵
          • System Location Discovery: System Language Discovery
          PID:2172
      • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
        "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
        1⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Modifies data under HKEY_USERS
        PID:2052
        • C:\Windows\SysWOW64\wbem\wmic.exe
          wmic SystemEnclosure get ChassisTypes
          2⤵
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          PID:668
        • C:\Windows\SysWOW64\wbem\wmic.exe
          wmic os get oslanguage /FORMAT:LIST
          2⤵
            PID:392
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
            2⤵
            • System Location Discovery: System Language Discovery
            PID:3012
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic SystemEnclosure get ChassisTypes
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            PID:940
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
            2⤵
            • System Location Discovery: System Language Discovery
            PID:756
        • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
          "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
          1⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          PID:1000
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic SystemEnclosure get ChassisTypes
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            PID:2264
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic os get oslanguage /FORMAT:LIST
            2⤵
            • System Location Discovery: System Language Discovery
            PID:3008
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
            2⤵
            • System Location Discovery: System Language Discovery
            PID:2808
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic SystemEnclosure get ChassisTypes
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            PID:3028
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
            2⤵
            • System Location Discovery: System Language Discovery
            PID:2760
        • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
          "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
          1⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          PID:2980
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic SystemEnclosure get ChassisTypes
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            PID:1072
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic os get oslanguage /FORMAT:LIST
            2⤵
            • System Location Discovery: System Language Discovery
            PID:2636
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
            2⤵
            • System Location Discovery: System Language Discovery
            PID:2720
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic SystemEnclosure get ChassisTypes
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            PID:2548
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
            2⤵
            • System Location Discovery: System Language Discovery
            PID:2988
        • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
          "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
          1⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          PID:2072
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic SystemEnclosure get ChassisTypes
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            PID:960
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic os get oslanguage /FORMAT:LIST
            2⤵
            • System Location Discovery: System Language Discovery
            PID:2872
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
            2⤵
            • System Location Discovery: System Language Discovery
            PID:936
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic SystemEnclosure get ChassisTypes
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            PID:1044
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
            2⤵
            • System Location Discovery: System Language Discovery
            PID:1016
        • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
          "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
          1⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Modifies data under HKEY_USERS
          PID:2260
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic SystemEnclosure get ChassisTypes
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            PID:756
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic os get oslanguage /FORMAT:LIST
            2⤵
            • System Location Discovery: System Language Discovery
            PID:896
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
            2⤵
            • System Location Discovery: System Language Discovery
            PID:1508
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic os get oslanguage /FORMAT:LIST
            2⤵
            • System Location Discovery: System Language Discovery
            PID:1632
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic SystemEnclosure get ChassisTypes
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            PID:2808
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
            2⤵
            • System Location Discovery: System Language Discovery
            PID:2648
        • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
          "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
          1⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          PID:1904
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic SystemEnclosure get ChassisTypes
            2⤵
            • Modifies data under HKEY_USERS
            PID:1920
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic os get oslanguage /FORMAT:LIST
            2⤵
            • System Location Discovery: System Language Discovery
            PID:2680
          • C:\Windows\SysWOW64\wbem\wmic.exe
            wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
            2⤵
              PID:2876
            • C:\Windows\SysWOW64\wbem\wmic.exe
              wmic os get oslanguage /FORMAT:LIST
              2⤵
              • System Location Discovery: System Language Discovery
              PID:2588
            • C:\Windows\SysWOW64\wbem\wmic.exe
              wmic SystemEnclosure get ChassisTypes
              2⤵
              • Modifies data under HKEY_USERS
              PID:2148
            • C:\Windows\SysWOW64\wbem\wmic.exe
              wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
              2⤵
              • System Location Discovery: System Language Discovery
              PID:2100
          • C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
            "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
            1⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            PID:2772
            • C:\Windows\SysWOW64\wbem\wmic.exe
              wmic SystemEnclosure get ChassisTypes
              2⤵
              • System Location Discovery: System Language Discovery
              • Modifies data under HKEY_USERS
              PID:964
            • C:\Windows\SysWOW64\wbem\wmic.exe
              wmic os get oslanguage /FORMAT:LIST
              2⤵
                PID:1640
              • C:\Windows\SysWOW64\wbem\wmic.exe
                wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
                2⤵
                  PID:392

              Network

              MITRE ATT&CK Enterprise v15

              Downloads

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.db

                Filesize

                271KB

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.db

                Filesize

                388KB

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.db

                Filesize

                153KB

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

                Filesize

                1KB

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

                Filesize

                1KB

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

                Filesize

                1KB

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

                Filesize

                1KB

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

                Filesize

                1KB

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

                Filesize

                1KB

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

                Filesize

                1KB

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

                Filesize

                2KB

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

                Filesize

                703B

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.log

                Filesize

                870B

              • C:\Program Files (x86)\Mesh Agent\MeshAgent.msh

                Filesize

                31KB

              • \Users\Admin\AppData\Roaming\MSIX\meshagent32-group.exe

                Filesize

                3.7MB
