Overview

overview

10

Static

static

10

LaudoBombeirosPDF.msi

windows7-x64

10

LaudoBombeirosPDF.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-11-2024 10:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LaudoBombeirosPDF.msi

  • Size

    2.9MB

  • MD5

    72108ae3791d6199697c5447ff2ffc6b

  • SHA1

    2ac85588e9b673881a827bebdfa1eb6e9bed15ff

  • SHA256

    533becd0cc4cf29897da93ef4c5cedfedcfde7649e69d387e614bd30798db0fc

  • SHA512

    45f411856a0c711071247d02d913b405f8b47900cd1e80ca568baf0f8a3f908a90f6d5c207642498af1eed25af8bfa92db865f9e1724e0aeeeab1c65f5cb9591

  • SSDEEP

    49152:K+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:K+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentdiscoverypersistenceprivilege_escalationrat

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 18 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 18 IoCs
  • Drops file in Windows directory 37 IoCs
  • Executes dropped EXE 3 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 35 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\LaudoBombeirosPDF.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2816
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding DCA8291B860038AD158CD051F8D7225C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1900
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI88D1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259426698 1 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2876
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI8C99.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259427494 5 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:1764
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI9D8B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259431831 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2236
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIA964.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259434857 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1536
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 91F127B65E310FA57BDB0547044DDEA7 M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Windows\syswow64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2540
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2604
      • C:\Windows\syswow64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        PID:2544
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000MwPsfIAF" /AgentId="72f75c7a-b1b3-4b9b-915a-f0278682f87c"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:1828
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1896
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005D4" "00000000000003CC"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1828
  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
      2⤵
      • Launches sc.exe
      PID:1776
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 72f75c7a-b1b3-4b9b-915a-f0278682f87c "b2810a65-f12f-4697-baea-bf129096e437" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MwPsfIAF
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f768835.rbs
    Filesize

    8KB

    MD5

    6bcf863890c0053a3a1d5497e68fe17b

    SHA1

    b5b7da1c8f564a525daa4c1fde2964436c97ff1b

    SHA256

    5be6bc0c6a02fb1fc7b8bee4291d3cc6824a68c37168f9b5a1b69081f03fa8b8

    SHA512

    5c0e322ccf2f5effeb43a39bc2646ecb739a26fcbb4bc39845876c4bd1efb2cfd494361744814a90cbfe5691d0c3c6c8d46f889ec8a23e2088e31d5f18949c1a

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
    Filesize

    753B

    MD5

    8298451e4dee214334dd2e22b8996bdc

    SHA1

    bc429029cc6b42c59c417773ea5df8ae54dbb971

    SHA256

    6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

    SHA512

    cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    Filesize

    142KB

    MD5

    477293f80461713d51a98a24023d45e8

    SHA1

    e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

    SHA256

    a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

    SHA512

    23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
    Filesize

    1KB

    MD5

    b3bb71f9bb4de4236c26578a8fae2dcd

    SHA1

    1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

    SHA256

    e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

    SHA512

    fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
    Filesize

    210KB

    MD5

    c106df1b5b43af3b937ace19d92b42f3

    SHA1

    7670fc4b6369e3fb705200050618acaa5213637f

    SHA256

    2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

    SHA512

    616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
    Filesize

    693KB

    MD5

    2c4d25b7fbd1adfd4471052fa482af72

    SHA1

    fd6cd773d241b581e3c856f9e6cd06cb31a01407

    SHA256

    2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

    SHA512

    f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
    Filesize

    12B

    MD5

    eb053699fc80499a7185f6d5f7d55bfe

    SHA1

    9700472d22b1995c320507917fa35088ae4e5f05

    SHA256

    bce3dfdca8f0b57846e914d497f4bb262e3275f05ea761d0b4f4b778974e6967

    SHA512

    d66fa39c69d9c6448518cb9f98cbdad4ce5e93ceef8d20ce0deef91fb3e512b5d5a9458f7b8a53d4b68d693107872c5445e99f87c948878f712f8a79bc761dbf

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
    Filesize

    173KB

    MD5

    fd9df72620bca7c4d48bc105c89dffd2

    SHA1

    2e537e504704670b52ce775943f14bfbaf175c1b

    SHA256

    847d0cd49cce4975bafdeb67295ed7d2a3b059661560ca5e222544e9dfc5e760

    SHA512

    47228cbdba54cd4e747dba152feb76a42bfc6cd781054998a249b62dd0426c5e26854ce87b6373f213b4e538a62c08a89a488e719e2e763b7b968e77fbf4fc02

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
    Filesize

    546B

    MD5

    158fb7d9323c6ce69d4fce11486a40a1

    SHA1

    29ab26f5728f6ba6f0e5636bf47149bd9851f532

    SHA256

    5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

    SHA512

    7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
    Filesize

    688KB

    MD5

    3ef8d12aa1d48dec3ac19a0ceabd4fd8

    SHA1

    c81b7229a9bd55185a0edccb7e6df3b8e25791cf

    SHA256

    18c1ddbdbf47370cc85fa2cf7ba043711ab3eadbd8da367638686dfd6b735c85

    SHA512

    0ff2e8dbfef7164b22f9ae9865e83154096971c3f0b236d988ab947e803c1ed03d86529ab80d2be9ff33af305d34c9b30082f8c26e575f0979ca9287b415f9f9

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\log.txt
    Filesize

    23KB

    MD5

    644c5de5569f82bed3cce7b536fb74f1

    SHA1

    d1158eae25a197b09b4b7e0d4d7bc059280af61f

    SHA256

    2cb2711bbfc75af6fba59fbbb9c17f0aeea727e634a64180bab9e7c71ae8029c

    SHA512

    00713b3204e1dac67888614db18871d8bdd90f147d56c20fbc22d7b1a1b4f2466a91e79d16072afc20b99ed785803577efa9785e2a2e69046a1fe5506490d8a1

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
    Filesize

    588KB

    MD5

    17d74c03b6bcbcd88b46fcc58fc79a0d

    SHA1

    bc0316e11c119806907c058d62513eb8ce32288c

    SHA256

    13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

    SHA512

    f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
    Filesize

    221B

    MD5

    706da14bd7451f8e17ab649d372e0fe7

    SHA1

    002de4dabe08322d68c10e175dba54400eed7837

    SHA256

    7e7bb04454b01d23405e0a004fa25ae49fc59608224fc831a69fd65d58d7988b

    SHA512

    542336ac4f14fa3b7a800f9a07015a183749587169eb9ff88cae8609a473bfe85001c9fc55f7eb31478547104da3c6a4b2f7d597ce2dbb2294bac75478ddbd24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    471B

    MD5

    34aca87ddad4cc68d20f5f7d54bec321

    SHA1

    afe9e1fa37622d2c0aaec924b065fe1aee685ae4

    SHA256

    5272144179684c4dee6c4aa76f90d2fb440535fad78e725c2636e369d1653c18

    SHA512

    6a7a6737351943c3f5f1b3f4e9bc3c5b96f58e135b8bcc6ff74f2c11246b742a3d40af7f01a33f87cab773d1c9af26d54aa62884121346e66d4f32ab2e788b08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    727B

    MD5

    e9e9c174d8e0b2bdef420778ae49b9a3

    SHA1

    0abe4bb99797e0924aa0d075438c833717ef7608

    SHA256

    e4e459b0143733d67817bd7ab31df8d79fe83ff3b645c30fef47a8e9b41a162b

    SHA512

    5062cfdb9c1a7a7d9029b56659a0749d97487ce17cb7e8d49c5f8fa8ca3e1d2ef3351ae7e54c703b84511926b9bc032f2988f6205629d638846aeb979a0eabee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    727B

    MD5

    50c2acca85675897b36b7b4be3146abf

    SHA1

    73f0c48a8fb60ec92eba17c7a901703234cd0f8f

    SHA256

    0463055a40e90c7b44ae7273a2480f8fc5ac657eb7cdfd2f1d7e44129ccd5e76

    SHA512

    1902e8b97988e3d68b02047d68686bf3c68b36e262014f0b40ef920d066b83f21fbbaca5ec3b3c37c961fc06ee39a2fafe42a896d54f1a4fc748a31d71ba3e61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    400B

    MD5

    1496ff12652232a36164ed1152659aeb

    SHA1

    75a7039840ba8d41bb7a879ee87ba367eb6aac72

    SHA256

    c5801dd141438299b90f5977160d7696cd16b7710ade24b25a9f668863ab698b

    SHA512

    7fc513bb78517f957b24f9e11809a6aa17b4c3f934d999b058c2c3ac901895b8be2b8e694626b1a2cad7b735dcd82276610cd75fdcf435a10c51f26503ad8f54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    404B

    MD5

    11817b1539aedf176b36be4cc0de3ee1

    SHA1

    7a6a09a11dbd314f0ef4e3574b27d88134c4c5ca

    SHA256

    23267cf98f2070ecd7dc72517fab7223fdb4985ce99e7709874df38e4e89e186

    SHA512

    ce61514f6c7f3400ffc7252152fcbc7296726362c25e2194aab7898ec4ecbd516cee1be77763f9248ee8e5f5a21f356a591c8fb01619d79ac42fc1ac53a52a75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8cce1fed85e729fc3444965dc2661f4

    SHA1

    83d07a37da0426bc0d453e339c681ea56bb1e716

    SHA256

    c3c80a9813fd6d5a670ec2735adc1d665f0e1e3bc2d753118b9aed2be9f40119

    SHA512

    395ca4693e75130f08728673979596c3270e5c31663476cbf5194b4174b1cacbc066f6c406a61d6a2ffd1888211a2ff2b2399af9b8c8e883ebd703a03e0a51bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a6f6437073b2760a8a1a3f3dbf1d92d

    SHA1

    471def4b68dc30dc913bcb396d818a960af2d681

    SHA256

    c44ef1b66059f1c1bda98c9c7fe0c592f977fd8fa97bc980a85c06c33fb27d47

    SHA512

    f2bd740227eaf2cf8cd4bc42ff3193d26ca46181fe56cb573a080cb3f39f2cd07e49156b7f9e89a6b0aa1e044b17858c887ed3fc8bc7aa7ea50ae544fc4db56f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    412B

    MD5

    45680048f1fd9af268b9eaca731dc384

    SHA1

    21ff943e9687b950cb8684d1fc5946ee29dee118

    SHA256

    45f4b98fa0824c8054f2684de0d7f5d568d2ed374a8f2e1d9e36f12546985f98

    SHA512

    7fd52e77abe7f58ef5471b7761420e6987d2e78e1d588eb65010be76df9f0b16048f4b0011df8928ffff9d596613180a9525f15991123b4727b24f9abb547a16

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6106.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6222.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\Installer\MSI8C99.tmp-\CustomAction.config
    Filesize

    1KB

    MD5

    bc17e956cde8dd5425f2b2a68ed919f8

    SHA1

    5e3736331e9e2f6bf851e3355f31006ccd8caa99

    SHA256

    e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

    SHA512

    02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

    Download Submit

  • C:\Windows\Installer\MSI9F03.tmp
    Filesize

    211KB

    MD5

    a3ae5d86ecf38db9427359ea37a5f646

    SHA1

    eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

    SHA256

    c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

    SHA512

    96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

    Download Submit

  • C:\Windows\Installer\f768833.msi
    Filesize

    2.9MB

    MD5

    72108ae3791d6199697c5447ff2ffc6b

    SHA1

    2ac85588e9b673881a827bebdfa1eb6e9bed15ff

    SHA256

    533becd0cc4cf29897da93ef4c5cedfedcfde7649e69d387e614bd30798db0fc

    SHA512

    45f411856a0c711071247d02d913b405f8b47900cd1e80ca568baf0f8a3f908a90f6d5c207642498af1eed25af8bfa92db865f9e1724e0aeeeab1c65f5cb9591

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
    Filesize

    230B

    MD5

    a24d6d6aba865ea360917867fe4c42e5

    SHA1

    34641cde191a55d5af3ec8b13908645870af6608

    SHA256

    2868335488397856f6d91d6d89e23fe396f7751d05c3c57d9a78086c60b049f9

    SHA512

    173c4d1b208e2bcf8a3907268595abb1ce13be7c85a84346471b4026207069c8042bda499fc4dfab280273942d96ee8ac5f25c7f3f718ab4dc12b39aa70bdf29

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1feccdcabdb87a6bc7ffc88bbf0a9de2

    SHA1

    75b0b895f50e82911736f9cc1387c1136de9287d

    SHA256

    af84ecf78e528045a6f0df3a2eb625bb70666bc0d71b6b8b7f34613a4d8c51f2

    SHA512

    29aa11906c9934a64fc45e048dab94beadba76a8b81025816d4a5716b6355d8216906cc3679acc0beaccd556db362b1c9a526a762369c5f8096df84ae800a55f

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8bfc390d30558bb00820e77e918bcf29

    SHA1

    b46662edb01a86382f09fe97d4a3cf537b897b58

    SHA256

    e89c32ba04177c7d94a267c4c4553119ba98a4058678406227d1ca5db505b549

    SHA512

    a122583439caaf9fa61751fec8005b705699d9ae4cae886dd98703c9452eec8335f5f8572e31d72ab09b18fd51bea4e19b14ba072296da6c3db65632fcf0ceb5

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06ca3eb2783f4d417b9918f02c4cdae7

    SHA1

    98688954df19579d116de486a9cb6b4f2786d4a0

    SHA256

    9b6a0a398cc7806c5a15b2a735830183ba24764bd4fa84a482d797434097d57f

    SHA512

    fa4ff520c0eabf36c41fabf130a4fec5c80a389058c6d3c428e925e35a6dcc60327e1909add6cd57a6806fa8179a5c9f77d7aec12b6d0ab68d34c607b96cfd8a

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c75894603c0d97acc2de5a507dbae422

    SHA1

    de29d2f5f117a255ea2ccb477c78e3393f8a7e20

    SHA256

    5827041fb43122ba5a8ecfd5cf03e8f977a64e6e69b66bfc1eea2ee5946234db

    SHA512

    b4f5dee0fe182fae06d489f5410ccc25de6fad6f8bbbf9ec1115370f58604b95a0175ad874a03982cb5fef7093c9e4cf1b84ee580e4913ddc53d43aecbaf7e9c

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1759fa1b88634ffcebdb95cc16c1f2d

    SHA1

    503651e617cde47d88fb807d279571872d81ef64

    SHA256

    6f2897d0926ffb4caf3b86a462676cc0303521ac623c5a4db385d9040cefa2a9

    SHA512

    6d19fbc743999a093a95059d5031f87287f04f3deb8fc959a33f65199085ce7f822285b787ebfcd2e060bffed8429b8af43010f23f5179d69315b4e69e83242f

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c8a94eec49e5fe0b3a0da382227e08d

    SHA1

    f2bd6ba1366760c68c00ac6b6aabd89c13798b1b

    SHA256

    326f4ea908b7322312d69722781a00eb563b1648fddf7018bf8b2a95a467444f

    SHA512

    d7e2bc33245cf7043a87354dee6399996105452dab657e158b6d852ae6b356ecf5196d83b7eb6c2081dbc14b602ae9e9019087526ad260dd49f3e52d29c0d41b

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d4d5517d227d6b4774de7ac05cd6347

    SHA1

    054594cd36c4191c41d09ded9b6fcee83ad6f2ea

    SHA256

    dd2d910908fb980c273a9743892972ae8f4df8fa22311bebf6a37dcdf593ef18

    SHA512

    62b00689e0d5806557d6d5bcda1e42b66f340ddf633ac285a045bfe5d8b12614885d3c353dcdabc586ec413206e7dc26c5ae8816b3976155757ff03dba550143

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6690bbb5793f0ea67098d2b93ae3d5f9

    SHA1

    b03f10cf44384fe35d4d784ba8e110ebe136283b

    SHA256

    322490411b21a856ea8eaa90fbd47019e09170c5bbb1a7df4f7e89454025dfc4

    SHA512

    2e5dfc769a429a89f2ae982613b6d00c86982290c7adbed8861d3b7e38e7d3723351116d3e9182a2562613d6dd666ad7c6d84cfe8d9ac9829f21c349d0fea85d

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3b99625c6f78bead408995964d3424b

    SHA1

    e012b1d39cc9938737f1fbefa82e38bea12c9293

    SHA256

    55e11689e0bb0c7798a0fabfb13a08cc459ce13228bee12082e5c7665cea9b55

    SHA512

    1e3dad61b37df9ae15e9d36fc5db6b0579c7be5b1f08102fd4bfc6823e7e01bb39d51553d957c7648cb71cbf4245de950a2345fd82e5390f1423aca8cf67f0b0

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89dbd1a3a6fce8b3be6865286e0ce461

    SHA1

    966304a19ae6d9cde0ac3f4eafb22a0d9861cd48

    SHA256

    a2e8018d80baa37cc822c7b61eb7b55af05aa515cce3da517c78d5860b0529f5

    SHA512

    28123b49a173566c275bbf1328860664ec208cbb15e3ef99547be977a04f3e5cad6c863919b9694d4c6b95b903e4dfcf294714ac5ef6069fd13e62a8719a2d93

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee9b76e6488e9b09b800490f8a67b76d

    SHA1

    6001c72969760a5c99e0b332f744241e2b0b7012

    SHA256

    ff09490a5c7c41d98f8c779c9fa936c5c12ed6230cf3c1f69deb55ebb3dbd87e

    SHA512

    66168b7ba00a85fb026229221a9339e34b8da6eab05dd44997cf4cdd80ced3bf8d21469be167185e495b5fbc74f02f499921ae41f132cc84c82cc625f039793e

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02ab0098ba022710f7c40526301c887a

    SHA1

    62df25ec66bc1b4dc6c1ba1940315e47f8874a5a

    SHA256

    ed6ea9a39d71c42c0fc947fb7dc7f3b116d3bd585f7af65bbee1194c510c74c5

    SHA512

    b167d4b163192d2c210c2b3911f020862c6992a5201052e50c2500b02d576a1901f83347ce7a45bca7be92d9b97cad0b9f1b83a50b280543fe3e35bc22da2fac

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff605ab1dbb44d7d7df7cc7343af3006

    SHA1

    f34bdcd1c6fe9a712e6e92d90e54ed8ca237ec18

    SHA256

    24ff3bab3e8b77ed65173bdb39d7586e1cb2c99ad163c2f33a3716e0b806ce6d

    SHA512

    92aec4acd6465bd4d46971e104147331ce0a8114b55e3861bcf81a12eee66fe5e5eb8c53c055d441ba1f2581fe32b92139c94fb1922531a511022ddc0567fef8

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b3ec2916aac1e770ab8dd1d2d8e3f77

    SHA1

    cf2e183d24a79a2b1a62413a25690156d807d67e

    SHA256

    af302931af962c83dcd8b8e9c498afd0dbf968425f903ee0a9c7cf4a683926d8

    SHA512

    c33ac38a7ba59644d3185a16f4186725c98d5e33cfbca1636b48b0f3986a1459e949c41bdded82a187113fef5dedaccf1c2271f33d16d4fd69d51d6c4684fb41

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd0bb08bb5dba160ecf9018f2df3dbb6

    SHA1

    db146e3fa7873c90a84f38c50a7a74c1fd06057c

    SHA256

    9365fedd6674f3add10fac4cbfa3da4712e9a43e08d4441488f9c08f423527f1

    SHA512

    8b8abe395c620231a7d388373589ab687e792056ed568ba82ef894149d0d918b82cac1d83b40c5900db71f72e6f5f41a9fc6b294b84387b872eea5d429d31646

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    070a77f2e3fa58cb47625066090a4b72

    SHA1

    372b4949c43389d32f935cb53f7a70e1a1d49916

    SHA256

    5bbe7f1e606dea76b7c5079017350b8fb87a10f52b76345f3233a77005ec12fd

    SHA512

    75d03add4457a05ee3b4851ade4f9d4a1aa774191d0e4a97d65525ac928fa406da8dfad4af9d38b0252923c0aa69d0ae3597a2282d9efa06c745d101fc50e12d

    Download Submit

  • C:\Windows\Temp\CabB664.tmp
    Filesize

    29KB

    MD5

    d59a6b36c5a94916241a3ead50222b6f

    SHA1

    e274e9486d318c383bc4b9812844ba56f0cff3c6

    SHA256

    a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

    SHA512

    17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

    Download Submit

  • C:\Windows\Temp\TarB667.tmp
    Filesize

    81KB

    MD5

    b13f51572f55a2d31ed9f266d581e9ea

    SHA1

    7eef3111b878e159e520f34410ad87adecf0ca92

    SHA256

    725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

    SHA512

    f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

    Download Submit

  • \Windows\Installer\MSI88D1.tmp
    Filesize

    509KB

    MD5

    88d29734f37bdcffd202eafcdd082f9d

    SHA1

    823b40d05a1cab06b857ed87451bf683fdd56a5e

    SHA256

    87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

    SHA512

    1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

    Download Submit

  • \Windows\Installer\MSI88D1.tmp-\AlphaControlAgentInstallation.dll
    Filesize

    25KB

    MD5

    aa1b9c5c685173fad2dabebeb3171f01

    SHA1

    ed756b1760e563ce888276ff248c734b7dd851fb

    SHA256

    e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

    SHA512

    d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

    Download Submit

  • \Windows\Installer\MSI88D1.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Filesize

    179KB

    MD5

    1a5caea6734fdd07caa514c3f3fb75da

    SHA1

    f070ac0d91bd337d7952abd1ddf19a737b94510c

    SHA256

    cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

    SHA512

    a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

    Download Submit

  • \Windows\Installer\MSI8C99.tmp-\Newtonsoft.Json.dll
    Filesize

    695KB

    MD5

    715a1fbee4665e99e859eda667fe8034

    SHA1

    e13c6e4210043c4976dcdc447ea2b32854f70cc6

    SHA256

    c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

    SHA512

    bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

    Download Submit

  • memory/772-1188-0x0000000000290000-0x00000000002AC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/772-1187-0x0000000000C40000-0x0000000000CF0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/772-1184-0x0000000000220000-0x0000000000250000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1536-309-0x0000000000510000-0x000000000051C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1536-313-0x0000000004CC0000-0x0000000004D72000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1536-305-0x00000000004D0000-0x00000000004FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1720-1051-0x00000000010E0000-0x0000000001118000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1720-300-0x000000001A790000-0x000000001A842000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1764-109-0x0000000004C80000-0x0000000004D32000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1764-105-0x00000000004B0000-0x00000000004BC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1764-101-0x0000000000450000-0x000000000047E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1828-245-0x00000000005D0000-0x0000000000668000-memory.dmp

    Filesize

    608KB

    Download

  • memory/1828-233-0x0000000001210000-0x0000000001238000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2876-76-0x0000000000380000-0x000000000038C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2876-72-0x0000000000540000-0x000000000056E000-memory.dmp

    Filesize

    184KB

    Download