Analysis
max time kernel: 147s
max time network: 150s
platform: windows7_x64
resource: win7-20241023-en
resource tags: arch:x64 arch:x86 image:win7-20241023-en locale:en-us os:windows7-x64 system
submitted: 08-11-2024 12:27
Static task
static1
Behavioral task
behavioral1
Sample
f065892060e9e58460c920516e4c7257c265bf8b532e9782d5d73146ee936c72.msi
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
f065892060e9e58460c920516e4c7257c265bf8b532e9782d5d73146ee936c72.msi
Resource
win10v2004-20241007-en
General
Target: f065892060e9e58460c920516e4c7257c265bf8b532e9782d5d73146ee936c72.msi
Size: 2.6MB
MD5: 055047fe65e1d28dd3bb2e53a9bbcf31
SHA1: 126af029786aae23fb19e4ab3b71d50a04880393
SHA256: f065892060e9e58460c920516e4c7257c265bf8b532e9782d5d73146ee936c72
SHA512: 94da78ac9c85e16e628872ba1d318db1733bb917711836df73b30b5d9825d6f04db5418c094220a20886ecd892e5721238ab47e1ca7b7674c163fa35a91c0ddf
SSDEEP: 49152:sBRNlatz55q6jzoz//stPEqQpTIQW8MQ6M97ouRUbFFOV47S9gonUI:MRNlap55qAczWgW9MxcFFOV42+
Malware Config
Signatures
-
AteraAgent
AteraAgent is a remote monitoring and management tool.
-
Ateraagent family
-
Blocklisted process makes network request 3 IoCs
Processes:
msiexec.exe
flow pid Process
3 2616 msiexec.exe
5 2616 msiexec.exe
7 2616 msiexec.exe
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 18 IoCs
Processes:
AteraAgent.exe AteraAgent.exe AgentPackageAgentInformation.exe
description ioc Process
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416 AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1 AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4 AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9 AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 AgentPackageAgentInformation.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416 AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1 AteraAgent.exe
File opened for modification C:\Windows\system32\InstallUtil.InstallLog AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9 AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357 AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357 AteraAgent.exe
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4 AteraAgent.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 18 IoCs
Processes:
msiexec.exe AteraAgent.exe AteraAgent.exe AgentPackageAgentInformation.exe
description ioc Process
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll msiexec.exe
File opened for modification C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt AteraAgent.exe
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip AteraAgent.exe
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe AteraAgent.exe
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe msiexec.exe
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config msiexec.exe
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll msiexec.exe
File opened for modification C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt AteraAgent.exe
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll AteraAgent.exe
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll msiexec.exe
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini AteraAgent.exe
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll AteraAgent.exe
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallState AteraAgent.exe
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config AteraAgent.exe
File opened for modification C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\log.txt AgentPackageAgentInformation.exe
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll msiexec.exe
File created C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll msiexec.exe
File opened for modification C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog AteraAgent.exe
-
Drops file in Windows directory 15 IoCs
Processes:
msiexec.exe DrvInst.exe rundll32.exe
description ioc Process
File opened for modification C:\Windows\Installer\MSIDA2B.tmp msiexec.exe
File created C:\Windows\Installer\f76d9ad.ipi msiexec.exe
File opened for modification C:\Windows\INF\setupapi.ev3 DrvInst.exe
File opened for modification C:\Windows\Installer\f76d9ac.msi msiexec.exe
File opened for modification C:\Windows\Installer\MSIDA2B.tmp-\AlphaControlAgentInstallationDialog.dll rundll32.exe
File opened for modification C:\Windows\Installer\ msiexec.exe
File created C:\Windows\Installer\f76d9af.msi msiexec.exe
File opened for modification C:\Windows\Installer\f76d9ad.ipi msiexec.exe
File opened for modification C:\Windows\INF\setupapi.ev1 DrvInst.exe
File opened for modification C:\Windows\INF\setupapi.dev.log DrvInst.exe
File created C:\Windows\Installer\f76d9ac.msi msiexec.exe
File opened for modification C:\Windows\Installer\MSIE553.tmp msiexec.exe
File opened for modification C:\Windows\Installer\MSIE564.tmp msiexec.exe
File opened for modification C:\Windows\Installer\MSIDA2B.tmp-\Microsoft.Deployment.WindowsInstaller.dll rundll32.exe
File opened for modification C:\Windows\Installer\MSIDA2B.tmp-\CustomAction.config rundll32.exe
-
Executes dropped EXE 3 IoCs
Processes:
AteraAgent.exe AteraAgent.exe AgentPackageAgentInformation.exe
pid Process
1072 AteraAgent.exe
2236 AteraAgent.exe
1536 AgentPackageAgentInformation.exe
-
Launches sc.exe 1 IoCs
Sc.exe is a Windows utility to control services on the system.
Processes:
sc.exe
pid Process
1176 sc.exe
-
Loads dropped DLL 7 IoCs
Processes:
MsiExec.exe rundll32.exe
pid Process
1900 MsiExec.exe
1264 rundll32.exe
1264 rundll32.exe
1264 rundll32.exe
1264 rundll32.exe
1264 rundll32.exe
1900 MsiExec.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
MsiExec.exe rundll32.exe
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 22 IoCs
Processes:
msiexec.exe
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList\Media\1 = ";" msiexec.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\AdvertiseFlags = "388" msiexec.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\25F46F8180ECF4345A1FA7A8935DE9AE\79434ABCE9E7E284E9AA26F75095FF38 msiexec.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" msiexec.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" msiexec.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\25F46F8180ECF4345A1FA7A8935DE9AE msiexec.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList\PackageName = "f065892060e9e58460c920516e4c7257c265bf8b532e9782d5d73146ee936c72.msi" msiexec.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\Clients = 3a0000000000 msiexec.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\Language = "1033" msiexec.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\Assignment = "1" msiexec.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\InstanceType = "0" msiexec.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\AuthorizedLUAApp = "0" msiexec.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\DeploymentFlags = "3" msiexec.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38 msiexec.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\ProductName = "AteraAgent" msiexec.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\PackageCode = "655C96A5C53078D41AE7A5F332041A28" msiexec.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList msiexec.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList\Media msiexec.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\SourceList\Net msiexec.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\79434ABCE9E7E284E9AA26F75095FF38 msiexec.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\79434ABCE9E7E284E9AA26F75095FF38\INSTALLFOLDER_files_Feature msiexec.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79434ABCE9E7E284E9AA26F75095FF38\Version = "17301507" msiexec.exe
-
Processes:
AteraAgent.exe
description ioc Process
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob AteraAgent.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A AteraAgent.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob AteraAgent.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 AteraAgent.exe
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
msiexec.exe AteraAgent.exe
pid Process
2888 msiexec.exe
2888 msiexec.exe
2236 AteraAgent.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
Processes:
msiexec.exe
pid Process
2616 msiexec.exe
2616 msiexec.exe
-
Suspicious use of WriteProcessMemory 23 IoCs
Processes:
msiexec.exe MsiExec.exe AteraAgent.exe
description pid Process procid_target
PID 2888 wrote to memory of 1900 2888 msiexec.exe 35
PID 2888 wrote to memory of 1900 2888 msiexec.exe 35
PID 2888 wrote to memory of 1900 2888 msiexec.exe 35
PID 2888 wrote to memory of 1900 2888 msiexec.exe 35
PID 2888 wrote to memory of 1900 2888 msiexec.exe 35
PID 2888 wrote to memory of 1900 2888 msiexec.exe 35
PID 2888 wrote to memory of 1900 2888 msiexec.exe 35
PID 1900 wrote to memory of 1264 1900 MsiExec.exe 36
PID 1900 wrote to memory of 1264 1900 MsiExec.exe 36
PID 1900 wrote to memory of 1264 1900 MsiExec.exe 36
PID 1900 wrote to memory of 1264 1900 MsiExec.exe 36
PID 1900 wrote to memory of 1264 1900 MsiExec.exe 36
PID 1900 wrote to memory of 1264 1900 MsiExec.exe 36
PID 1900 wrote to memory of 1264 1900 MsiExec.exe 36
PID 2888 wrote to memory of 1072 2888 msiexec.exe 37
PID 2888 wrote to memory of 1072 2888 msiexec.exe 37
PID 2888 wrote to memory of 1072 2888 msiexec.exe 37
PID 2236 wrote to memory of 1176 2236 AteraAgent.exe 39
PID 2236 wrote to memory of 1176 2236 AteraAgent.exe 39
PID 2236 wrote to memory of 1176 2236 AteraAgent.exe 39
PID 2236 wrote to memory of 1536 2236 AteraAgent.exe 42
PID 2236 wrote to memory of 1536 2236 AteraAgent.exe 42
PID 2236 wrote to memory of 1536 2236 AteraAgent.exe 42
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\f065892060e9e58460c920516e4c7257c265bf8b532e9782d5d73146ee936c72.msi 1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2616
-
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V 1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2888
-
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding ADC07422B1514D03530EB285AA7DD993 2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1900
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIDA2B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259447493 1 AlphaControlAgentInstallationDialog!AlphaControlAgentInstallationDialog.CustomActions.ShouldContinueInstallation 3⤵
- Drops file in Windows directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1264
-
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="4" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" 2⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:1072
-
-
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe 1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2788
-
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "000000000000059C" "0000000000000564" 1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2020
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe (process tree depth 1)
Command line: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
- Drops file in System32 directory
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2236 -
C:\Windows\System32\sc.exe (process tree depth 2)
Command line: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
- Launches sc.exe
PID:1176
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe (process tree depth 2)
Command line: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 5fbcd6c5-218b-4d78-a2db-0eeaa2e260e1 "ecf9165b-7fce-460e-9b26-dd4a1ac446cd" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification"
- Drops file in System32 directory
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:1536
-
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry: 1
- Subvert Trust Controls: 1
- Install Root Certificate: 1
- System Binary Proxy Execution: 1
- Msiexec: 1
Downloads
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
Filesize12B
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Filesize173KB
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
Filesize546B
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
Filesize94KB
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
Filesize688KB
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize471B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9
Filesize727B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize727B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize400B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9
Filesize408B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize412B
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize1KB
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize1KB
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize242B
-
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B