Overview

overview

10

Static

static

10

a70960bf2f...ba.msi

windows7-x64

10

a70960bf2f...ba.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    02-12-2024 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a70960bf2f6c34be8a5012aac3422e699aa3c10531e04a625c576ad2d466d4ba.msi

  • Size

    2.6MB

  • MD5

    610532c09c6d0861380e56146778445e

  • SHA1

    03b822930c67bf6db0c14e99a9c1af259b4b8a85

  • SHA256

    a70960bf2f6c34be8a5012aac3422e699aa3c10531e04a625c576ad2d466d4ba

  • SHA512

    5a911b95d588aecb8f71528caecf6dc735b8a3ece3602f8156a94ee583491f2408404dd9bbb0927e9fea76a51793367ea15fc45f70d651d41de1f81280c200e5

  • SSDEEP

    49152:051VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:0PCMr2NMRmk/XeM9TEeRvx+ch/TlAr

Score
10/10
ateraagentdiscoverypersistenceprivilege_escalationrat

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 3 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 18 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 18 IoCs
  • Drops file in Windows directory 18 IoCs
  • Executes dropped EXE 3 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\a70960bf2f6c34be8a5012aac3422e699aa3c10531e04a625c576ad2d466d4ba.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1944
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2840
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A5C0D971DC4DA7004E33595738FCE929
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1940
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSID413.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259445917 1 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2312
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 56B254A786CE47322724545FA98951A4 M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:448
      • C:\Windows\syswow64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2872
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1712
      • C:\Windows\syswow64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:2324
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q3000006IMrSIAW"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:2252
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3032
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005E0" "00000000000003C8"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:2580
  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
      2⤵
      • Launches sc.exe
      PID:2276
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 916444fa-6daa-47fa-a40c-78edadac4556 "72957e43-e592-416f-b967-b5c989bec937" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:1040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f76d396.rbs
    Filesize

    8KB

    MD5

    813e9ac1a9b3ac4261337d456be0702d

    SHA1

    e093f3d15a452f0040b8bea52cd5e67c9b5aab77

    SHA256

    f347feecb427a8ce307addde755a9a2d3793d3569d7f3981632c54981f67b8a6

    SHA512

    eb69b53c3b120237553c1cb788d675c40862e78e0f13501ba6ae6fc0f03e70a9587b33d797c28b0f9503c98fa47b02016e59ed90a695a6c2fbf8bc74aa365f3e

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
    Filesize

    753B

    MD5

    8298451e4dee214334dd2e22b8996bdc

    SHA1

    bc429029cc6b42c59c417773ea5df8ae54dbb971

    SHA256

    6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

    SHA512

    cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    Filesize

    140KB

    MD5

    2899046a979bf463b612b5a80defe438

    SHA1

    21feaa6f3fbb1afa7096c155d6b1908abf4ea3b9

    SHA256

    486b2c2b0ca934ab63a9cf9f4b660768ad34c8df85e6f070aec0b6a63f09b0d8

    SHA512

    8c60eb0d9e82326543f2fbcd08783e041a7f5598723666b1c9ea5df7808d0c4947e8e64c2dcd46331bc3dbc38c6ec8b85ed2fcc5b97eaf0465ea624167829368

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
    Filesize

    1KB

    MD5

    b3bb71f9bb4de4236c26578a8fae2dcd

    SHA1

    1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

    SHA256

    e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

    SHA512

    fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
    Filesize

    209KB

    MD5

    a41c23558b3c07f8c749844bb553d545

    SHA1

    8473013cf5f2be8158c13f1056675d1cbd10586f

    SHA256

    a6193fc0a09ad7145fe38494bcf67fecbc10c07a5f3936e419895b018e85a766

    SHA512

    5930f14f3be4aed70a1ff93dbb75022c2d947a0a2344031992167d72192e0a51d207fc2255cb0ca1fb21b20b1277a528bbf739bbdf8676f7a0786efd132b436f

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
    Filesize

    693KB

    MD5

    64e122b28a1e548c1cca376e32cdd248

    SHA1

    4506de40b8422c9be58333f35325a86674ca650c

    SHA256

    0ee2dd095b1cc4c3cda44a237a188e16c8614c107ad9d37ad8a581473ad42215

    SHA512

    36fc7dd056303822b23f9173b43522dee23431a419bdbae43a850e87f37b936b34ed2ef5013997d6d8b59d74627d55b0cc622da751d3ed828c850c7982a0d8fa

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
    Filesize

    12B

    MD5

    eb053699fc80499a7185f6d5f7d55bfe

    SHA1

    9700472d22b1995c320507917fa35088ae4e5f05

    SHA256

    bce3dfdca8f0b57846e914d497f4bb262e3275f05ea761d0b4f4b778974e6967

    SHA512

    d66fa39c69d9c6448518cb9f98cbdad4ce5e93ceef8d20ce0deef91fb3e512b5d5a9458f7b8a53d4b68d693107872c5445e99f87c948878f712f8a79bc761dbf

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
    Filesize

    173KB

    MD5

    fd9df72620bca7c4d48bc105c89dffd2

    SHA1

    2e537e504704670b52ce775943f14bfbaf175c1b

    SHA256

    847d0cd49cce4975bafdeb67295ed7d2a3b059661560ca5e222544e9dfc5e760

    SHA512

    47228cbdba54cd4e747dba152feb76a42bfc6cd781054998a249b62dd0426c5e26854ce87b6373f213b4e538a62c08a89a488e719e2e763b7b968e77fbf4fc02

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
    Filesize

    546B

    MD5

    158fb7d9323c6ce69d4fce11486a40a1

    SHA1

    29ab26f5728f6ba6f0e5636bf47149bd9851f532

    SHA256

    5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

    SHA512

    7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
    Filesize

    94KB

    MD5

    e2a9291940753244c88cb68d28612996

    SHA1

    bad8529a85c32e5c26c907cfb2fb0da8461407ae

    SHA256

    6565e67d5db582b3de0b266eb59a8acec7cdf9943c020cb6879833d8bd784378

    SHA512

    f07669a3939e3e6b5a4d90c3a5b09ca2448e8e43af23c08f7a8621817a49f7b0f5956d0539333a6df334cc3e517255242e572eaef02a7bbf4bc141a438bf9eb9

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
    Filesize

    688KB

    MD5

    3ef8d12aa1d48dec3ac19a0ceabd4fd8

    SHA1

    c81b7229a9bd55185a0edccb7e6df3b8e25791cf

    SHA256

    18c1ddbdbf47370cc85fa2cf7ba043711ab3eadbd8da367638686dfd6b735c85

    SHA512

    0ff2e8dbfef7164b22f9ae9865e83154096971c3f0b236d988ab947e803c1ed03d86529ab80d2be9ff33af305d34c9b30082f8c26e575f0979ca9287b415f9f9

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\log.txt
    Filesize

    23KB

    MD5

    f054f366440ebcbfb59a1a7c54b78bc0

    SHA1

    e47c6ab75e1be89a877811b0d3ee1a50fc5fe79d

    SHA256

    2c822ac5d425d680853e8ec15ba4b151d57de9ad46724045d30b8673aac96d9c

    SHA512

    8a5a62d427e5a0a3365a0a47b75f9765e0eede1a2cb229b73189999bee181de7909bf22c6d6890120ae26ebb3779116e59469a2b2ea398951563a94b7a6ac58f

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
    Filesize

    588KB

    MD5

    82b17dc9838e1e21e5c6f53d2867e94a

    SHA1

    a09bfe6582bff9193337cc7dbab79d0b6b723205

    SHA256

    8e7210c1cd0955aeb4cbbdce362d4c450e0bf1be47bdf263fbf2789a4d98fd00

    SHA512

    c1b259655e2514449366f2d150d020a1eabb0e67af29c5e26c3a00f1d84d805216016c306d48e37354de09d4a056dc071c0d0d0d36f8ec9775843e6ae2712430

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
    Filesize

    178B

    MD5

    eed7efd585c3a62e54d1e80152bf3e97

    SHA1

    d0a4824ea5e7d9ab20e71dc8d914f8168f49e2a3

    SHA256

    bb32a178a6110ce17181a4608438e1871ea0d13163e068c3ce691971abb3c6aa

    SHA512

    a5ea5111d9d6c1705c6bba7f68b42cc68fde7c258ffc7515c75a02785ba75748574a30f864449c9beea2843a819d6a78af07e5a5a8255a220f5a15f976731f4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    471B

    MD5

    b6102b47f3d2450f02c1167e5b337e9b

    SHA1

    91a6e5d7b3540556c971bcd6cdf52abd2cffcbfe

    SHA256

    e0c2d57c8661d444666ae009725ee84cd33a29ac48738277ea37bfd56b3cf8c4

    SHA512

    62bb67b325b56c41544956928ef0991262df019a470fc5792ba5abb7096e419f7ea3c8326560ffbe2b50ed0612fbc968fdf7564793a4d550b2465b799cbfcedf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9
    Filesize

    727B

    MD5

    7072cdcdbe94c60f39a3717c59468d87

    SHA1

    ca6ecc4fa7889eb86ce0e4c92303b988df4f545d

    SHA256

    aabc685403fe4fefb2e08a4e1777c797b230236b490c2b1c70915a994c22d308

    SHA512

    b57e181c5c58fb6c8c5a69915c16d93c46509e2b4b0cffb6b84090fbffb2ef5f6b7d915e631c13e01bb870043224c94d9950830d0f5169bdf6e6fefc82ab5c60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    727B

    MD5

    1dc1121e24814ab2e9102c631f6368e5

    SHA1

    55f7935319102e893d0df7ba28c35343456300ee

    SHA256

    8ed09687565336351ef88085dcf6cfc841af12a63433ecc12c2f13a9557c3c59

    SHA512

    132158f8f2bdf5d66cd4f3fed37405027d4233c79a365027e5d8d0ea20c5d23805bd298358df371b625486282867ba93a3ff5945dddf3ae8d91dd2630e477df4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    400B

    MD5

    c0e006c06bcfb47289c0253e67255807

    SHA1

    b4d8c625a8ef4e393cb67686557375b8cf6f2e72

    SHA256

    4bfe39cb5ab4e8acd3a33d46e384bd8cca07ac5fa4f4009355bdc9dcc2007c63

    SHA512

    b419cdc7326b8bb57d479947219374dd88032c2ca04a30b55958e79c9fe1dc3773a2999406a1db564078cbce332a49543a067f5127f1f8a9faed631922a41aab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9
    Filesize

    408B

    MD5

    71fa4291d5c3483d0742d489e50cab46

    SHA1

    817b89a9bc1ca0b758f797824b7d7475f319b22e

    SHA256

    1c6c7793637f5c4987a330b9a155b7c68bbcf891c9632215aad011ad24ceb192

    SHA512

    e18a466ebb711ecf74c3eb9e761a23d6156d17c756209c563d5dae15f659473265afcae2a9b4d7c0c617d0b390b675707ee5354e7830ce4bfb16d859c192e573

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fd4bfbaabb97eed8dc6a4c7e4711cec

    SHA1

    4d7b116243f2092374ed6864c519da11e8c948ef

    SHA256

    72b711b877347ef5a34caa71ae5469c00a76d22cdeafd10f4798f5f80ea25be0

    SHA512

    fbc9c03460d65a54e0d489c3c7864ae2af85f14e70a0c966f8bb946d3adfce01a36f174dd4a5bd0cc1af397180f521a039a8137a53b41e1262f8a185e08db94e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    412B

    MD5

    7eff71fd6e57ddf2b51bb07aed83e36a

    SHA1

    a67e96df33b4035445f3dab2740962430da8137d

    SHA256

    a32caadeb153ab0eb990f4869a2e83572e34819c7aac8e846ce04276537b884f

    SHA512

    bfd42fb92dd9219310dacd95a400df3b00f9cfcbfbdba8c3165b1858601061b4f81d5376c925d8f76b4e4e60d0c6ea61a6f7b4ef13fbbfbdd99be5944097a349

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAE0D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAF76.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\Installer\MSID413.tmp
    Filesize

    275KB

    MD5

    672e03b9d7a2d50f3e935909a198928b

    SHA1

    6cc8a45126243c6ad8a6336ef1789e6a8b5dd33f

    SHA256

    c4772f8a8761f052bd0336923539699ba2f358ac203beb197cda576146e05a0d

    SHA512

    bf5833ea48942319d560fb4dad62997fa5495e0d9c634361d919d3328364d0f4a999dfb56590d48227c3690d8a867b022f6d5fd01c46f27d2ad6421d88380372

    Download Submit

  • C:\Windows\Installer\MSID8F5.tmp
    Filesize

    211KB

    MD5

    a3ae5d86ecf38db9427359ea37a5f646

    SHA1

    eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

    SHA256

    c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

    SHA512

    96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

    Download Submit

  • C:\Windows\Installer\f76d394.msi
    Filesize

    2.6MB

    MD5

    610532c09c6d0861380e56146778445e

    SHA1

    03b822930c67bf6db0c14e99a9c1af259b4b8a85

    SHA256

    a70960bf2f6c34be8a5012aac3422e699aa3c10531e04a625c576ad2d466d4ba

    SHA512

    5a911b95d588aecb8f71528caecf6dc735b8a3ece3602f8156a94ee583491f2408404dd9bbb0927e9fea76a51793367ea15fc45f70d651d41de1f81280c200e5

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
    Filesize

    230B

    MD5

    9bd6d50e07002bc18d1d1231e299e9e6

    SHA1

    1c8fbc3e4094043221797bd34294126ce1ecbd05

    SHA256

    53ca8d3a60262fd685fcd3b36b52c5186059775da95313c8fb4290f0188cfc57

    SHA512

    e61208a1cb7c344433106e47ef5d10a266e0e2469e73d784b7b77520deae19cc3e4c31c7ea35562e62a733c788de666ae8e8d177348a9dfa4f782bddd10a5377

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    599541a73a11bb806815bc3a62c5ef58

    SHA1

    1b06a80f07536cf12eed4f19c94b3917a96050bf

    SHA256

    7aae1c4e2142ecded787e84b6fc918cee893f03786c0f1d5d9d4e129a45f017b

    SHA512

    d1bf70c3a8fafb245419da865972cbadd5349cb7f1a107cb2166bb35933b330825a20b6c5a428ec0fa5c2556189e10fe946e88c807f9da57e9cc87b6fc7b1252

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81150a22307373a95335f30fa9af43bc

    SHA1

    86ffe668a0d7f129c243c332d71763ef1534e765

    SHA256

    0803667944ad4ced06b7978b10405950148c693443b014140a675a506562bf1a

    SHA512

    618dd1d346b837ecdf9d32a3d8b31154625ab009a90e11ffaddeaeef212fe46d8a5b582a08ffab8aec98d49befe55401328dbe634db9e88f1342be2323b9bfd5

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c1f6702dcadd1d7829b1476e59c5605

    SHA1

    739430c9bb3f63c8a3812573085e7cd9e773f36f

    SHA256

    8575566b536b19030dfe00aa6d71ecd53752d8620e0abafa0c0dcc94b3a31de8

    SHA512

    b1976348810103f2ea7848c9d33c92a0ed130490f21bda61ff087579d10328a759a783549a6dfa59a8e4d6322683c74a01222cc3ba39b0bd2c52d9f3be8e4ec6

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52fb9c47b89498071d96b1a1d71ee081

    SHA1

    dbe78d0ebf8f041b5ad08b9235b84b3be70a4859

    SHA256

    5814ed12962697a5a4cf40560f863d79a6bc32ddbdd072f131a31a29e741aee2

    SHA512

    a10b99e6b3071748321c16bbd7aefa7bb88efa3c94ac833efb367480076d6ebf0e66ffc033885e757cf872c0dd077370acb04adbb7b39d3d61461f52ad6eb331

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5ec97dc6675733d4127078258631873

    SHA1

    7a3d6379e4ce3bdf66f9bc60bacd08c31890116c

    SHA256

    6e7a978e481990aa5ead28e61fd07cad2bdca6c456f0dcd059d0ea566a3964a4

    SHA512

    4e3b483b3228eb37cd9e6d0734fb029519ad0295e3c9639597de80946e214c31e524fa88f267eb357264b36aa55b703f7161c6b178ca1fa58f1943680b01b134

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    701b0906470e3917365fe621ef34eeba

    SHA1

    d1340308cc3764195f0ec7bffd260fc8ae3dbb10

    SHA256

    e64bae87deead751841e752ef0ef6ad8c8a9c15e2167273ce111f37b74b8057e

    SHA512

    8ce25f806fc7781b4774428b5b88bd189d74a90194ef44cae09dc6ab7ba0f05d557a8c1c6b0b8a6098e21cc97045a4eec96bc33d29e5afe994d61c7d9cd700e8

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09b5b3d417c0879a9f6a0db1ad40763c

    SHA1

    04713d99f642d8b0ad2e88d12ea07da94a7e64fe

    SHA256

    ca0e7bcb87e7cd30456620fdccf586067ffb1b3067d6308216de131ba546623e

    SHA512

    2581cbdc629da0d337380bc0fd3e2d693621cae24e49f90f42fbcab682d7a4827dfef8d723a921a33b0387bb61659840e65929344be66da42919570429464717

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a2bdb1b6c888d7c226c05cd3695b19e

    SHA1

    0a18e82c33116225100c889498e9f860f76423d7

    SHA256

    838bfc9c9bb03f63fc0fb6e1b4e1fc899dec19584fab85ef833e776110b9fd32

    SHA512

    db0321122a6011fd200c0629669e8ebe1a49dd1985e0a58d13ea751745198dd3a33e978f8f73c8fcee64a69e7d1ff2c4bd4a37aac672cce02b5472a954738126

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a34c50b34ba9aa7083e4bbf27f054603

    SHA1

    0d9bb65ebb8a520c9aff8a0a34cf55ac1f72629f

    SHA256

    2a0e1d31f38be987733335d99799f9d3ec903eb1ce75094bcd81e8234562efa9

    SHA512

    86e5ccd6429bec417983453b33433269e62dd49caef2b54bf9d2d98c57c7292fa1428c4d9d3105c98ec33a28b11c506d91e910332b9bbeeb0ea86eda0ac30798

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d70f4c1814bdb203d4c5874a89db25a

    SHA1

    28bc8cdd35bb7a5b61fe4ce1e5e716b6d8f35bc7

    SHA256

    9bf79ed9a1df0297c0a64c65662dfe113057f208f09066c8bcaa428f97b9a262

    SHA512

    96eb6997ef3f56a341f8c10a4c045a4b8eaa2f3fa5dc10361a1d0125cc54ba3e550d2a8bb15c897532e5c8a38033f974cb8396bb6fe8234b85141630db31539e

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f86eca205eb94b8a5a7f190097b342a

    SHA1

    1036b587ddd2399e8973782b7eee11ae8e677042

    SHA256

    d68f77ac71b7fefcf8967082b8170f3b16e3d6cc6001543826fd4824a09c26a7

    SHA512

    faec7415f807e5db84951a7faf33d009eb16110e439471130c4d769e02db2487278179e5c08d8b0a096182024547b97b41fc83244359ee015d3d8b79c138a8c1

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    6b1a574a074305b0638bedade50c3bcd

    SHA1

    fbcb6d6f2b1c055948e3acd9ce5db7145908768e

    SHA256

    2232e60e011ca416860265645fcd0d4d4198b0c8afe99cf0cd9c475942b44501

    SHA512

    fbba0f81b36a280a1205aa026404e83c3d405eab64f626f2edda157f5d83cb0d56ae3d9da5b193e7f7f819747c2556d9a1bdf0cbd182ec571fe9dacdafe89129

    Download Submit

  • C:\Windows\Temp\CabEF4E.tmp
    Filesize

    29KB

    MD5

    d59a6b36c5a94916241a3ead50222b6f

    SHA1

    e274e9486d318c383bc4b9812844ba56f0cff3c6

    SHA256

    a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

    SHA512

    17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

    Download Submit

  • C:\Windows\Temp\TarEFBF.tmp
    Filesize

    81KB

    MD5

    b13f51572f55a2d31ed9f266d581e9ea

    SHA1

    7eef3111b878e159e520f34410ad87adecf0ca92

    SHA256

    725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

    SHA512

    f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a1c8000e7c9d2ae7ff884cf1847353d

    SHA1

    99481196b25825eb506731fa39237dc20d999d83

    SHA256

    606e65ab5c05c3e6bb8e403ed22af6ca1b12df348bf6bc79e61ababbe6ca4ca2

    SHA512

    f9011d9b6e027767d596621ddb94bc65a3f310c80ee4d55488126dca09b6d5aa0a730e2fd942e1ad3e9fab78549c8ec06ebce3ab29933e26677042e558c50e16

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecc7cdc1d607bc70cbbfe7a933d3d280

    SHA1

    63a3f494d2205beb6b9846f863a10feb8d5d7e57

    SHA256

    feed5949b61a177c6ce43b2313c44cd9e1d8d0857f47af6c3bab5c9c8c2a66cf

    SHA512

    bcc0d7a5387bc171c47bb5fe4dcd0f1eec52fc0a941cc616e687d1d4f48e4cabc0e8212e1923ec7eea4c510241a95307a61c009e41e89b198ee9b35b174d5431

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb176f41386c899f396c83d6d029bc72

    SHA1

    d5cf1df7b8be9130df2a05caae422b0c6f5e3593

    SHA256

    1c912f2cd35b10f946c9af6e38a06c0ca4a7658e143e45627643a7fd26e7bcd4

    SHA512

    48a5a8c7412f686d0092bddbada7f1b2a524be49a424d22f1f24d396c46e188a00e13473f8d97f6c0716e855fddea51947ee6f073eefc226af28157010529134

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6781208c6157658edfb4a6b935115333

    SHA1

    b922ce929166d036c7e2882338efea748e0bc689

    SHA256

    20ea9864fd9f591f47f3102e0d4eb9afe215d7f0b5dd12fc7c0fb654df71bf48

    SHA512

    d1f85daed5ed5001086e15e5db109e5592c8e8d10bb5dfee798a2eb39deb09637d2eb2a9f66b2955a4121a0087f131dd35bd3faa7d01dbc532b3618da276ce78

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f801a3758cad0d71f3617bbfd1c7c93

    SHA1

    cb0c8babad54ad4da49c750194a676ec08203d8a

    SHA256

    71c706d07e4b120d5657fa23d4d6d2d1ff4c317052380de63c970189352014c7

    SHA512

    a80c7bcfd4013269fb433a594b1ef16e130e3344630ffb7acc0510a7c6c557632063bd8ef2779ba969fb50a0d11503f0c81afd3f0c92b7f707310bbc767a65a4

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6dddac1ebdc98bc6ccf56663375c533

    SHA1

    96e72de1fc746520958bb6289d78d36c386210a7

    SHA256

    d90135e4167f036a4e034e77ee2492375030a0848c323cb390f19120751e0c0c

    SHA512

    35298d7ce55a91e0b8410170af6012537456c35d23e940726d9ff2d27633b2b1787935794ab85f152cea052287e6558e2a5d4875d0da7abe736df2667b2e3e00

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12bff6e03ea440409fc7c05342218c96

    SHA1

    156fb59d81c291a9edaa47401d0057a34b05970c

    SHA256

    538b7f1943e6d822b3adb59533bae1e5ecb512817685c3fb78f9243f3e21129e

    SHA512

    cd09629b3d9fcd12dc5748557a01d3006ce3303593904faf784affba2ee18d4ced0e2431e5a51ac0bc510af735c5c7753489ff06e1df19110a79b7229f267f65

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b099b8378c475fd8a81094d6b9c9f73

    SHA1

    87e6bdc01a36f2417fc7a0fc92d885f5e4753202

    SHA256

    c771490d6b30d73d116600637e4d5eff49b9b7d87b3402687406aad702a57f04

    SHA512

    fe2c19febf36a724f83b25e9b591b227bf9c81fdb42f7bd8da51c161f3c9162d00a43dcd358991d10ca696f3599f2bdc5c1c987d2534c913600537b9d591e492

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e478e6f30ee8a2d4f19e688fde945581

    SHA1

    9d5065d4a484a2eb89fe93556e71d3a5c632f43d

    SHA256

    a110a393e80d7dc450cf1f9980ea6ff9f0f21414ef9defe66e1e4c06c28a75cd

    SHA512

    1d5ef49215778d98820e9011ce221155828b93e56f4d431bbb249401834644e96d222d0314682c03a223d33d57caf35553cf481479c410ea8e02ab04d4aca312

    Download Submit

  • \Windows\Installer\MSID413.tmp-\AlphaControlAgentInstallation.dll
    Filesize

    19KB

    MD5

    4db38e9e80632af71e1842422d4b1873

    SHA1

    84fe0d85c263168487b4125e70cd698920f44c53

    SHA256

    4924aad650fa0f88c6fc6ca77068d73f70f0d0866a98212b615290ffb0b04efa

    SHA512

    9ce1e75b11e43369fe2320cf52bef856170385a8e898a934c735cb92a8399e5e612a54b248579687c372dae58e47e05d9095116313aea9555cf2358944252d77

    Download Submit

  • \Windows\Installer\MSID413.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Filesize

    179KB

    MD5

    1a5caea6734fdd07caa514c3f3fb75da

    SHA1

    f070ac0d91bd337d7952abd1ddf19a737b94510c

    SHA256

    cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

    SHA512

    a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

    Download Submit

  • memory/1040-986-0x0000000000220000-0x000000000023C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1040-984-0x0000000000760000-0x0000000000810000-memory.dmp

    Filesize

    704KB

    Download

  • memory/1040-981-0x00000000001C0000-0x00000000001F0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2036-884-0x0000000019E50000-0x0000000019E88000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2036-170-0x0000000019450000-0x0000000019502000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2252-124-0x0000000000450000-0x00000000004E8000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2252-112-0x00000000008F0000-0x0000000000916000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2312-71-0x0000000000BB0000-0x0000000000BDE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2312-75-0x0000000000BF0000-0x0000000000BFC000-memory.dmp

    Filesize

    48KB

    Download