Overview

overview

10

Static

static

10

Digital.msi

windows7-x64

10

Digital.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2024 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Digital.msi

  • Size

    2.9MB

  • MD5

    391a7dcf2ff4af032a8de9b5bfc5b7d9

  • SHA1

    22e2261c6e65f3d95406e66c77d3942d51790417

  • SHA256

    e652634f90f23553d56fa937227c039f8769f9509051a434a14990785a8ab57f

  • SHA512

    5adf800adc213f114a282b0ff29e33e14b70e66dc685a31826e497a6344961de1b7dbf5412b3539eb6ee5abc223be8209953352fd6f9a4f2cbaaafc3f4770c44

  • SSDEEP

    49152:q+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:q+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentdiscoverypersistenceprivilege_escalationrat

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 13 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 12 IoCs
  • Drops file in Windows directory 37 IoCs
  • Executes dropped EXE 2 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 35 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 60 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Digital.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2180
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2816
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 99B696CEA1B24E1B330EAD3827DC1671
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1936
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI466.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259458335 1 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1988
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI7E0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259459084 5 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2408
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI178A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259463078 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2212
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI2335.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259466026 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:876
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding AD85FEA0DF91FCF4B652E986F82ED9F1 M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3048
      • C:\Windows\syswow64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2692
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2756
      • C:\Windows\syswow64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        PID:800
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000KANvwIAH" /AgentId="42304503-1cf8-45aa-a051-f8fd56e8fb31"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:1356
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2680
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005D4" "0000000000000390"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1852
  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
      2⤵
      • Launches sc.exe
      PID:1512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f7703ab.rbs
    Filesize

    8KB

    MD5

    7a72c7b26e8ce20c693b8215000eb3fc

    SHA1

    bebc3c6cb17b31961acab00c723d936a428e4218

    SHA256

    4697d096236cf127ff150cca6db637e8713d6eaaf1be136cc9a04b8b2e64a59c

    SHA512

    86ceb25cbfddf7245924bd68e31e2ea9990509c5c2d0879f19327914e9329082392e239116896624548cd3ae287ff5d2f6a268b743f2fd8ca9d9b330aeb430e5

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    Filesize

    142KB

    MD5

    477293f80461713d51a98a24023d45e8

    SHA1

    e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

    SHA256

    a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

    SHA512

    23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
    Filesize

    1KB

    MD5

    b3bb71f9bb4de4236c26578a8fae2dcd

    SHA1

    1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

    SHA256

    e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

    SHA512

    fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
    Filesize

    693KB

    MD5

    2c4d25b7fbd1adfd4471052fa482af72

    SHA1

    fd6cd773d241b581e3c856f9e6cd06cb31a01407

    SHA256

    2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

    SHA512

    f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
    Filesize

    588KB

    MD5

    17d74c03b6bcbcd88b46fcc58fc79a0d

    SHA1

    bc0316e11c119806907c058d62513eb8ce32288c

    SHA256

    13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

    SHA512

    f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
    Filesize

    217B

    MD5

    74437072ff952571a9259764d32f7965

    SHA1

    c74eb51dce985ee97a18c5ff266cf3de8ba2645d

    SHA256

    56978048d84b8768f715f920ad752495596dad95aa9ac058fa793046f9c905b6

    SHA512

    6a497c94f347276fdb0d9c5e1f9c1733fe64c9e78adaf9a4edfb3e94ee87f8afc329623a9c840b29a99b831cc88093fdb6c46d3dea14a77b013c2d2999ca9474

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    471B

    MD5

    441a4996e2ee86c4b588d8c0d407e7c2

    SHA1

    0987d79eaecf4afad0e5c6f7bd9bd0a90ceabbd4

    SHA256

    300cfa12d5560f2b04e870fe42e15b6a2007e8f53e4ce1329bd506382075e657

    SHA512

    8d6d5bd1ea7baafeb8ca750ce112ed7fad1477e1deef34994a145893eed217d1a9990a52d76790f8c00484378778504626e5c6a5f5193b8da661afdbd62600b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    727B

    MD5

    49ba85be2cb152368fe6ee8982cf3d76

    SHA1

    f078fdb44c9c62d64dc79849c7e41dec4441a9c0

    SHA256

    28b91a2a15dfce2bb789d5cf10e55dc8d46418af6e8574cba83ccad4d396be68

    SHA512

    67f5293a94bf17ed5031eec51ee06bbc467860cdc48a2712694418185c0d400386bcd3d3c4fb46e7b5e50eee1a6a4747707a3058d0c982b4cb16e8374816e787

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    727B

    MD5

    3aa154c597f0d3ef221b82298ce04f78

    SHA1

    c15d53176e903bfab12665b3e42d1b9eccfb54d0

    SHA256

    b75a76c1c71e981d5299e2a8f85d317d14da91fd79a615c70ef14876ebc9557d

    SHA512

    b9b93ed7f99e8b96efb85a4dc9a8cee9f7057b87da9c2a1fe82fe8cd308f89c42e76e9170bb429999e1d985af7847463b8c60173c44413685472e0b5e2306324

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    400B

    MD5

    af790c3a0fde4ad91ce5d70db5d9ee92

    SHA1

    e2eed87678c17c3fde6c414876dab245bcee1335

    SHA256

    2916063054e737521de39fb7504a648235a60ab7fe769e8c1b99284e9655a8e1

    SHA512

    b9ec5f3a8389231fc077fddbabddfe6e2f9852ae4bc7efc3516058cb7f0ec424d56d9d97e0bc48ee218cef35965a278a419e5e8496e1b27e3b415ef820817da9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    404B

    MD5

    9d94ff183c50fb03c14ba1e1dc3592cf

    SHA1

    4ec85d7f6d0c464c42c13283755c079457971833

    SHA256

    7667403c102032ac3d63e4f7cba29954a8373c78773ea22d79cf62dbc2fc6c4d

    SHA512

    58555eaef9c985ddc28bafd7b4ca3709618855df986baf27c4b28eb5bc82708937ac64fb777a8991c64e9dcc03da4d6c3a3b9f734cd5001ca5ce2860837a0778

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5be0115217c5d9f7b894fb71c191e765

    SHA1

    796a658071fd7b3fbefaee5c4140fb89483427f6

    SHA256

    e3b363be569d15f22617198fca84ebd09144a382cf7c02cd40f24312b3e0e985

    SHA512

    f04a51248d8d6ac3c363e1bed524319c272e43c01338b43556e674b69dc249e7443b15074c48e3b2343c9a7e0bbca45fcfa1d3df478dbe35a1090254ce151557

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e223232b78e26304d16125e78d435fc2

    SHA1

    191c4289a0c6eaaf0cbd7cd0f5933ab0c2605c14

    SHA256

    6722b65428f91dbf2d49584a5b0425cfd0d3b246d9a46357d4dfd3a10adf2305

    SHA512

    062af0c2ab6cd99802136633603ddeda0c59e763488b7ba6e338c2ae9878eb25ff18265847e669d8aab4eaab74936cd12cb7575d9fd7cec3ba4a04b4a0a7571b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    412B

    MD5

    557c700b3cff0c21f9185eeee18996ec

    SHA1

    ae03a85a7184fbda51d5b9c86654bf7d51e53fc2

    SHA256

    a67f591674061b09bf6c4c7a491635715af2cef27973bc470d353afba4f621f5

    SHA512

    16a902f665f58d8d0ec204a164355881a11da6fd1ddf4728aa3522e23b97703d9896a571049bed021374458a5482d3f6a9f841da881d6670c9486a925107f735

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE227.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE3BF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\Installer\MSI1951.tmp
    Filesize

    211KB

    MD5

    a3ae5d86ecf38db9427359ea37a5f646

    SHA1

    eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

    SHA256

    c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

    SHA512

    96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

    Download Submit

  • C:\Windows\Installer\MSI466.tmp
    Filesize

    509KB

    MD5

    88d29734f37bdcffd202eafcdd082f9d

    SHA1

    823b40d05a1cab06b857ed87451bf683fdd56a5e

    SHA256

    87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

    SHA512

    1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

    Download Submit

  • C:\Windows\Installer\MSI7E0.tmp-\CustomAction.config
    Filesize

    1KB

    MD5

    bc17e956cde8dd5425f2b2a68ed919f8

    SHA1

    5e3736331e9e2f6bf851e3355f31006ccd8caa99

    SHA256

    e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

    SHA512

    02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

    Download Submit

  • C:\Windows\Installer\MSI7E0.tmp-\Newtonsoft.Json.dll
    Filesize

    695KB

    MD5

    715a1fbee4665e99e859eda667fe8034

    SHA1

    e13c6e4210043c4976dcdc447ea2b32854f70cc6

    SHA256

    c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

    SHA512

    bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

    Download Submit

  • C:\Windows\Installer\f7703a9.msi
    Filesize

    2.9MB

    MD5

    391a7dcf2ff4af032a8de9b5bfc5b7d9

    SHA1

    22e2261c6e65f3d95406e66c77d3942d51790417

    SHA256

    e652634f90f23553d56fa937227c039f8769f9509051a434a14990785a8ab57f

    SHA512

    5adf800adc213f114a282b0ff29e33e14b70e66dc685a31826e497a6344961de1b7dbf5412b3539eb6ee5abc223be8209953352fd6f9a4f2cbaaafc3f4770c44

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca91d74a83fb0d7e85e771b0024d7cd8

    SHA1

    782f11b8c74700e6d44ced7a073d081a99d29344

    SHA256

    8aa4e6138f47d5d867c849772934be57207384c5f0435f6e07d2336242d16bc1

    SHA512

    e9ad7d4e393bf21aeb770a7703a30f0825d0c823406f2fcb85d3c3b7658b2235ed545858027aac7fd82de2c62815a2bc8b6073e47f13aa6f25b564d62b05e6d2

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bf5275fa81c01101a50496c753895ac

    SHA1

    0d06c1b25b138209139c04dcdd2b8a26e7e6e8cc

    SHA256

    df1450820b0174d1bc46cda5bc9c6f92963d9a84c1ab55568059b9f3562ddba3

    SHA512

    74cb643976b69ddb6db5e5f8652ec88797e3f616b421f1558dd025736755a0a73de5e11daee13f49cf6b0a2f1b38d1643461327518f40ce64dede038366018ac

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25f5159f3e0c71d3a56efa5d6160e7f2

    SHA1

    58c9f2dfb88c8857ec114f5b5b7f06ccffe0eac2

    SHA256

    38ea4db2bc9897001b6912ff05f32fa14b8d963b7733e7575f0ca1481b21d4b9

    SHA512

    c16ae113e60dd01a8f006d5a271d475d0e7506d77ce9752e856f1698075aa3e70b8c72d63fd7e01663889de21f44eed14d5e766aa666b04969ac57b3d1e7f7c1

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ef589966d521745cd37ceb90a9e69c2

    SHA1

    23821984b169ade5472176ec3cd6a7faea3d5ac1

    SHA256

    624ef11a32c6678d484ba357e23ec808c5d5722a6edd59ba0e7f71041a688ccc

    SHA512

    9c68fd2bc638346288231ebb09be85080da5bfd3f1d7a27d726eed1ee11efd94a42f27ec405b46e6d82302454560e3ffa2c2fe680681917f146ae3ac91195687

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    395609fdd71e507be7685686f6751503

    SHA1

    5e074085d26144100910c5a6bed7ae8e05f0de97

    SHA256

    5c1caacada89266fcc48c199a2fea2f6f801d1ec66fd81b935942ef709df6a91

    SHA512

    6dcdd03c64c44fddc91b1311aa3451599f64ef9d75fb9737235dd0cfe1835ff45738d4f72cbe3a2757b5708ac55621473d25f09534dddb7616eecde9229ba5ad

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a444e6635266f5b4fb6ab24227f1e1a

    SHA1

    868255fd0aef0c5e90bfabcf460d3c507db3cf6b

    SHA256

    d2be080d52386b1da90f8310fe046773ec5062babb8347a77e96276f70ed0680

    SHA512

    df9a3438d07759d004703332959592fdc4b563d29d56c5005f62ab7fa99a790c7ea0d99c2d6c83042db50dae691f30679db40ce8fb1771fbf82e77d12799e5bf

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67171f6cc4cae5ffb901c9c61189d4e6

    SHA1

    ad42634115a5b9a3b7b0528472567d574a1af0d6

    SHA256

    221b520a711a4d27f10965eb5f9d24167ae9fb15bbea217da31d9d95f2cecc6a

    SHA512

    629f996ed7bfd025ce7f4267833a27d42d43311d1081d53ac510d3baca5744216847e0c916d1dde05b2e0f134298f99743fe9295da8e10431f4f835f2870847b

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e89d06641c7e37eae68994f973fd2cd0

    SHA1

    bdf9fdf2f673141fbc08662bd3680b5a115a2d2f

    SHA256

    d328c14897c5c2dd91b4153001dd25631fc9ad3543f23bc7553c3a7328734274

    SHA512

    c40369b922708c0e6187e3c6dc404000a34e58c4ada8bd81eba0c656449a82b38f747e4039b1305665e470d83dd721513b25e82533d3df4348dd237f7f037788

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4378fb971575a9768e72a01b7c598984

    SHA1

    7009089433f29aca7c35d9143ed26178eb0dadf5

    SHA256

    9249c6fa6c774eae23b7352d5434833b6027d7f502176579b67a964d3cbfbad6

    SHA512

    be3ed9ab222d100e0fe49713f538cdb21cbc07feda51f4d14f7cd93a15706b57190ed529e79d0d1fc6aea93ba60f64ae34a551414082d3777678aacb169137ca

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    027d0ced07dc404452311eaba10b1459

    SHA1

    6f887b9cff3316c2e83e158b703dff461371b083

    SHA256

    1f46a15afe07804ae60407caf5b58672ac3b751e2653f044918d1c9ac4009fa4

    SHA512

    cc9ef84b0918ed5eb4d9691a40c26a0dbc31e01dc31c48f59797919e32fe1db3bcaeb8105244c6f9e1f8f2230f2c04536cfa5ee913ccf529213cafd870b8ba29

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    952bf37c78d8845f9c5817f83abf6412

    SHA1

    0014e2d2d551198dd10a9e56110ec85aec86d1d7

    SHA256

    aeb1afcf00efccfb08310e5d3209930083438ddaf01fa5b033af1ad0bbdb8b4e

    SHA512

    68794c7eff7976293b2f6886bf8bb0465012e96965bb2cbae2bad36252b0c70111420fed4e695d5b3b8865bdd60a3a021e8a29272b3992465be4a5395852ed24

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b864278192b8bfd6fc921a4926997785

    SHA1

    f2c3334ab1bb3e3e9373fd2cccf82941343f54d1

    SHA256

    48e9207b7e12bc3ef76e3ecf21c7fbeb690ca1b0005368fa26ddef48ac5843b9

    SHA512

    40ce2165cce3a8b61c5a379b3f1362cac06b5597af3354dcc7539604043dee53c7f3790b1d8b6ebe469ac4260ac281a8a07cdbe8e1037fcf944005affc1b1f8f

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    fc58d6db4527484204b2573fafdd8a7d

    SHA1

    59b4a2b671791d86a79cfc8ea6a777739b4839ab

    SHA256

    09f17a1b2cb389270e933f72cd2add3381923ac4f87f28da8cb6b40de02e290a

    SHA512

    bb84819e6ee7b77a31d9786a9694b476595fea19f90029e2e3bf79a630883b06b52fa6944e089a246ccbba732d51f2e96c8baa0906d0e994ed12de26d1fdc361

    Download Submit

  • C:\Windows\Temp\Cab3044.tmp
    Filesize

    29KB

    MD5

    d59a6b36c5a94916241a3ead50222b6f

    SHA1

    e274e9486d318c383bc4b9812844ba56f0cff3c6

    SHA256

    a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

    SHA512

    17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

    Download Submit

  • C:\Windows\Temp\Tar3047.tmp
    Filesize

    81KB

    MD5

    b13f51572f55a2d31ed9f266d581e9ea

    SHA1

    7eef3111b878e159e520f34410ad87adecf0ca92

    SHA256

    725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

    SHA512

    f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

    Download Submit

  • \Windows\Installer\MSI466.tmp-\AlphaControlAgentInstallation.dll
    Filesize

    25KB

    MD5

    aa1b9c5c685173fad2dabebeb3171f01

    SHA1

    ed756b1760e563ce888276ff248c734b7dd851fb

    SHA256

    e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

    SHA512

    d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

    Download Submit

  • \Windows\Installer\MSI466.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Filesize

    179KB

    MD5

    1a5caea6734fdd07caa514c3f3fb75da

    SHA1

    f070ac0d91bd337d7952abd1ddf19a737b94510c

    SHA256

    cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

    SHA512

    a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

    Download Submit

  • memory/876-305-0x00000000002D0000-0x00000000002FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/876-313-0x0000000004BF0000-0x0000000004CA2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/876-309-0x00000000003B0000-0x00000000003BC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1356-233-0x0000000000EF0000-0x0000000000F18000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1356-245-0x0000000000460000-0x00000000004F8000-memory.dmp

    Filesize

    608KB

    Download

  • memory/1988-72-0x0000000000370000-0x000000000039E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1988-76-0x0000000000430000-0x000000000043C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2408-101-0x0000000000360000-0x000000000038E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2408-105-0x00000000003B0000-0x00000000003BC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2408-109-0x0000000004860000-0x0000000004912000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2856-296-0x000000001A490000-0x000000001A542000-memory.dmp

    Filesize

    712KB

    Download