Analysis

  • max time kernel
    94s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02/12/2024, 17:49 UTC

General

  • Target

    setup.msi

  • Size

    2.9MB

  • MD5

    fdfc57001755f3030667eac89cf2a00f

  • SHA1

    0fc06e0a19bbefa90f6cd1e395c494cf867f22f2

  • SHA256

    d0ee910218126f3e67dc00d8e8b525577cf447d91e4f9559b8d0fdbef7f27670

  • SHA512

    82df214e3be28bca5b063a9a08201ff380e53e445fbd31bbb26f9f9804a22a30a1b573821a3ca368481832ab21d46b140848022b7ee6d9c8e4cd75c570e9975f

  • SSDEEP

    49152:O+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:O+lUlz9FKbsodq0YaH7ZPxMb8tT

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

  • Ateraagent family
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 4 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 14 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 17 IoCs
  • Drops file in Windows directory 35 IoCs
  • Executes dropped EXE 4 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Loads dropped DLL 31 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 1 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 37 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\setup.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2276
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:4808
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding A95DC440C9EE87EE3DB3DA8651B13774
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4424
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIEF13.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240644140 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1164
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIF2CD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240644812 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:4868
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIF8D9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240646359 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:3896
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSI968.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240650656 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4676
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding E2EA487B11C568C5A04AE34BD15F26CD E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:220
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:840
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
            • System Location Discovery: System Language Discovery
            PID:1596
        • C:\Windows\SysWOW64\TaskKill.exe
          "TaskKill.exe" /f /im AteraAgent.exe
          3⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2448
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="fatimabernardes0024@hotmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q3000005RklRIAS" /AgentId="b131181b-38ed-496e-a014-41ecb169e589"
        2⤵
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:4248
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:928
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
      1⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4664
      • C:\Windows\System32\sc.exe
        "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
        2⤵
        • Launches sc.exe
        PID:4868
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" b131181b-38ed-496e-a014-41ecb169e589 "38fff1a4-1e9e-4540-9df9-904266742b79" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000005RklRIAS
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        PID:2724
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" b131181b-38ed-496e-a014-41ecb169e589 "12cb3d46-c614-4cb3-9b30-31a430254240" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000005RklRIAS
        2⤵
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:2280

    Network

    • flag-us
      DNS
      217.106.137.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.106.137.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      48.50.25.184.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      48.50.25.184.in-addr.arpa
      IN PTR
      Response
      48.50.25.184.in-addr.arpa
      IN PTR
      a184-25-50-48.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      159.113.53.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      159.113.53.23.in-addr.arpa
      IN PTR
      Response
      159.113.53.23.in-addr.arpa
      IN PTR
      a23-53-113-159.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      228.249.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      228.249.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      agent-api.atera.com
      AgentPackageAgentInformation.exe
      Remote address:
      8.8.8.8:53
      Request
      agent-api.atera.com
      IN A
      Response
      agent-api.atera.com
      IN CNAME
      agentsapi.trafficmanager.net
      agentsapi.trafficmanager.net
      IN CNAME
      atera-agent-api-eu.westeurope.cloudapp.azure.com
      atera-agent-api-eu.westeurope.cloudapp.azure.com
      IN A
      40.119.152.241
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/track-event
      rundll32.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/track-event HTTP/1.1
      X-Atera-AccountId: 001Q3000005RklRIAS
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 130
      Expect: 100-continue
      Connection: Keep-Alive
      Response
      HTTP/1.1 400 Bad Request
      Date: Mon, 02 Dec 2024 17:49:32 GMT
      Content-Length: 0
      Connection: keep-alive
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-us
      DNS
      241.152.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.152.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus
      AteraAgent.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/GetEnvironmentStatus HTTP/1.1
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 33
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:36 GMT
      Content-Type: application/json; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/GetCommands
      AteraAgent.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/GetCommands HTTP/1.1
      Content-Type: application/x-www-form-urlencoded
      Host: agent-api.atera.com
      Content-Length: 97
      Connection: Close
      Response
      HTTP/1.1 204 No Content
      Date: Mon, 02 Dec 2024 17:49:38 GMT
      Connection: close
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/track-event
      rundll32.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/track-event HTTP/1.1
      X-Atera-AccountId: 001Q3000005RklRIAS
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 142
      Expect: 100-continue
      Connection: Keep-Alive
      Response
      HTTP/1.1 400 Bad Request
      Date: Mon, 02 Dec 2024 17:49:37 GMT
      Content-Length: 0
      Connection: keep-alive
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/GetRecurringPackages
      AteraAgent.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/GetRecurringPackages HTTP/1.1
      Content-Type: application/x-www-form-urlencoded
      Host: agent-api.atera.com
      Content-Length: 44
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:38 GMT
      Content-Type: application/json; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/AgentStarting
      AteraAgent.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/AgentStarting HTTP/1.1
      Content-Type: application/x-www-form-urlencoded
      Host: agent-api.atera.com
      Content-Length: 97
      Connection: Close
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:38 GMT
      Content-Type: application/json; charset=utf-8
      Transfer-Encoding: chunked
      Connection: close
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-us
      DNS
      ps.pndsn.com
      AteraAgent.exe
      Remote address:
      8.8.8.8:53
      Request
      ps.pndsn.com
      IN A
      Response
      ps.pndsn.com
      IN A
      35.157.63.229
      ps.pndsn.com
      IN A
      35.157.63.227
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=512c32f1-eb1c-41b0-864d-98cee3173e2a&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=512c32f1-eb1c-41b0-864d-98cee3173e2a&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Host: ps.pndsn.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:38 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=87d5c7ca-94a1-4140-a8fc-9857bea952de&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=87d5c7ca-94a1-4140-a8fc-9857bea952de&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:38 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a8e8e419-d3e6-44b0-8b38-a30ca9a621da&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a8e8e419-d3e6-44b0-8b38-a30ca9a621da&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:38 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cbdaac3a-54b1-4adb-899e-488ac00b87d6&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cbdaac3a-54b1-4adb-899e-488ac00b87d6&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:41 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7982aa71-5114-46f1-b192-85bad1f82b18&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7982aa71-5114-46f1-b192-85bad1f82b18&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:50:26 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/b131181b-38ed-496e-a014-41ecb169e589/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b8bba6b9-efaa-4d79-86cb-beca72d19ec9&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/b131181b-38ed-496e-a014-41ecb169e589/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b8bba6b9-efaa-4d79-86cb-beca72d19ec9&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:50:26 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Content-Length: 55
      Connection: keep-alive
      Access-Control-Allow-Methods: OPTIONS, GET, POST
      Age: 0
      Cache-Control: no-cache
      Accept-Ranges: bytes
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=24f9f8e7-93c4-4ba2-b2bd-8ec8053b454e&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=24f9f8e7-93c4-4ba2-b2bd-8ec8053b454e&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:50:58 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f6bfe185-f3d0-4f16-9d86-0330318bfd19&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f6bfe185-f3d0-4f16-9d86-0330318bfd19&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:51:43 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/b131181b-38ed-496e-a014-41ecb169e589/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=2237253a-e7e6-4ac8-9e9c-3297bd7f40bc&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/b131181b-38ed-496e-a014-41ecb169e589/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=2237253a-e7e6-4ac8-9e9c-3297bd7f40bc&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:51:43 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Content-Length: 55
      Connection: keep-alive
      Access-Control-Allow-Methods: OPTIONS, GET, POST
      Age: 0
      Cache-Control: no-cache
      Accept-Ranges: bytes
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52ebaa2f-7899-46a7-8ee7-7d4cbdc0db95&tt=0&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52ebaa2f-7899-46a7-8ee7-7d4cbdc0db95&tt=0&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:38 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Content-Length: 45
      Connection: keep-alive
      Cache-Control: no-cache
      Access-Control-Allow-Methods: GET
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=05b9d033-f32b-40bd-b3a4-559241c982ff&tr=43&tt=17331617784389513&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=05b9d033-f32b-40bd-b3a4-559241c982ff&tr=43&tt=17331617784389513&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:38 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Content-Length: 1904
      Connection: keep-alive
      Cache-Control: no-cache
      Access-Control-Allow-Methods: GET
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=abe6e720-d37d-4a97-abc1-429bf93b8905&tr=43&tt=17331617786882063&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=abe6e720-d37d-4a97-abc1-429bf93b8905&tr=43&tt=17331617786882063&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:41 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Content-Length: 1889
      Connection: keep-alive
      Cache-Control: no-cache
      Access-Control-Allow-Methods: GET
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=4b7e3023-5198-4a65-910c-88b8db611914&tr=43&tt=17331617811228688&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=4b7e3023-5198-4a65-910c-88b8db611914&tr=43&tt=17331617811228688&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:50:58 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Content-Length: 45
      Connection: keep-alive
      Cache-Control: no-cache
      Access-Control-Allow-Methods: GET
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=397d365a-87f0-4464-bc14-04c8a86dd935&tr=43&tt=17331617811228688&uuid=b131181b-38ed-496e-a014-41ecb169e589
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=397d365a-87f0-4464-bc14-04c8a86dd935&tr=43&tt=17331617811228688&uuid=b131181b-38ed-496e-a014-41ecb169e589 HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
      AteraAgent.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/AcknowledgeCommands HTTP/1.1
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 104
      Connection: Close
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:38 GMT
      Content-Type: application/json; charset=utf-8
      Transfer-Encoding: chunked
      Connection: close
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-us
      DNS
      ps.atera.com
      AteraAgent.exe
      Remote address:
      8.8.8.8:53
      Request
      ps.atera.com
      IN A
      Response
      ps.atera.com
      IN CNAME
      d25btwd9wax8gu.cloudfront.net
      d25btwd9wax8gu.cloudfront.net
      IN A
      18.239.36.114
      d25btwd9wax8gu.cloudfront.net
      IN A
      18.239.36.126
      d25btwd9wax8gu.cloudfront.net
      IN A
      18.239.36.110
      d25btwd9wax8gu.cloudfront.net
      IN A
      18.239.36.2
    • flag-nl
      GET
      https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?8fhbRIupcCC7JGD0NFs8UxSvwtyQcaCTxqMG+Zg+xFoyv/v9gC31gGTxU/9vHmHy
      AteraAgent.exe
      Remote address:
      18.239.36.114:443
      Request
      GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?8fhbRIupcCC7JGD0NFs8UxSvwtyQcaCTxqMG+Zg+xFoyv/v9gC31gGTxU/9vHmHy HTTP/1.1
      Host: ps.atera.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: application/octet-stream
      Content-Length: 384542
      Connection: keep-alive
      Content-MD5: SgmofSAE2sSwBofpyfFQNg==
      Last-Modified: Tue, 12 Nov 2024 07:13:54 GMT
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 6c3ca296-101e-002c-79e8-3e9165000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 02 Dec 2024 03:15:49 GMT
      ETag: 0x8DD02E9910FA268
      Vary: Accept-Encoding
      X-Cache: Hit from cloudfront
      Via: 1.1 db85cac9bd06b81c92694774b9b6f520.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS58-P2
      X-Amz-Cf-Id: S399lmVX7CqtZKdbi3A7wixq9SCh1IzrSXzYD4RYf4qNze1z3cJePQ==
      Age: 52469
    • flag-us
      DNS
      229.63.157.35.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      229.63.157.35.in-addr.arpa
      IN PTR
      Response
      229.63.157.35.in-addr.arpa
      IN PTR
      ec2-35-157-63-229.eu-central-1.compute.amazonaws.com
    • flag-us
      DNS
      114.36.239.18.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      114.36.239.18.in-addr.arpa
      IN PTR
      Response
      114.36.239.18.in-addr.arpa
      IN PTR
      server-18-239-36-114.ams58.r.cloudfront.net
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/CommandResult
      AgentPackageAgentInformation.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/CommandResult HTTP/1.1
      X-PackageName: AgentPackageAgentInformation
      X-PackageVersion: 38.0.0.0
      X-AccountId: 001Q3000005RklRIAS
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 463
      Expect: 100-continue
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:40 GMT
      Content-Length: 0
      Connection: keep-alive
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-us
      DNS
      74.50.25.184.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      74.50.25.184.in-addr.arpa
      IN PTR
      Response
      74.50.25.184.in-addr.arpa
      IN PTR
      a184-25-50-74.deploy.static.akamaitechnologies.com
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
      AteraAgent.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/AcknowledgeCommands HTTP/1.1
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 104
      Connection: Close
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:41 GMT
      Content-Type: application/json; charset=utf-8
      Transfer-Encoding: chunked
      Connection: close
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-us
      DNS
      agent-api.atera.com
      AgentPackageAgentInformation.exe
      Remote address:
      8.8.8.8:53
      Request
      agent-api.atera.com
      IN A
      Response
      agent-api.atera.com
      IN CNAME
      agentsapi.trafficmanager.net
      agentsapi.trafficmanager.net
      IN CNAME
      atera-agent-api-eu.westeurope.cloudapp.azure.com
      atera-agent-api-eu.westeurope.cloudapp.azure.com
      IN A
      40.119.152.241
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/CommandResult
      AgentPackageAgentInformation.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/CommandResult HTTP/1.1
      X-PackageName: AgentPackageAgentInformation
      X-PackageVersion: 38.0.0.0
      X-AccountId: 001Q3000005RklRIAS
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 463
      Expect: 100-continue
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 02 Dec 2024 17:49:41 GMT
      Content-Length: 0
      Connection: keep-alive
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-us
      DNS
      56.163.245.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.163.245.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.42.69.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.42.69.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.229.111.52.in-addr.arpa
      IN PTR
      Response
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/track-event
      tls, http
      rundll32.exe
      1.1kB
      5.0kB
      9
      9

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/track-event

      HTTP Response

      400
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/GetCommands
      tls, http
      AteraAgent.exe
      1.4kB
      5.4kB
      13
      15

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus

      HTTP Response

      200

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/GetCommands

      HTTP Response

      204
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/track-event
      tls, http
      rundll32.exe
      1.1kB
      5.0kB
      9
      9

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/track-event

      HTTP Response

      400
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/AgentStarting
      tls, http
      AteraAgent.exe
      1.8kB
      27.5kB
      20
      30

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/GetRecurringPackages

      HTTP Response

      200

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/AgentStarting

      HTTP Response

      200
    • 35.157.63.229:443
      https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/b131181b-38ed-496e-a014-41ecb169e589/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=2237253a-e7e6-4ac8-9e9c-3297bd7f40bc&uuid=b131181b-38ed-496e-a014-41ecb169e589
      tls, http
      AteraAgent.exe
      3.7kB
      9.5kB
      29
      28

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=512c32f1-eb1c-41b0-864d-98cee3173e2a&uuid=b131181b-38ed-496e-a014-41ecb169e589

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=87d5c7ca-94a1-4140-a8fc-9857bea952de&uuid=b131181b-38ed-496e-a014-41ecb169e589

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a8e8e419-d3e6-44b0-8b38-a30ca9a621da&uuid=b131181b-38ed-496e-a014-41ecb169e589

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cbdaac3a-54b1-4adb-899e-488ac00b87d6&uuid=b131181b-38ed-496e-a014-41ecb169e589

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7982aa71-5114-46f1-b192-85bad1f82b18&uuid=b131181b-38ed-496e-a014-41ecb169e589

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/b131181b-38ed-496e-a014-41ecb169e589/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b8bba6b9-efaa-4d79-86cb-beca72d19ec9&uuid=b131181b-38ed-496e-a014-41ecb169e589

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=24f9f8e7-93c4-4ba2-b2bd-8ec8053b454e&uuid=b131181b-38ed-496e-a014-41ecb169e589

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f6bfe185-f3d0-4f16-9d86-0330318bfd19&uuid=b131181b-38ed-496e-a014-41ecb169e589

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/b131181b-38ed-496e-a014-41ecb169e589/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=2237253a-e7e6-4ac8-9e9c-3297bd7f40bc&uuid=b131181b-38ed-496e-a014-41ecb169e589

      HTTP Response

      200
    • 35.157.63.229:443
      https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=397d365a-87f0-4464-bc14-04c8a86dd935&tr=43&tt=17331617811228688&uuid=b131181b-38ed-496e-a014-41ecb169e589
      tls, http
      AteraAgent.exe
      3.2kB
      11.7kB
      22
      28

      HTTP Request

      GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52ebaa2f-7899-46a7-8ee7-7d4cbdc0db95&tt=0&uuid=b131181b-38ed-496e-a014-41ecb169e589

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=05b9d033-f32b-40bd-b3a4-559241c982ff&tr=43&tt=17331617784389513&uuid=b131181b-38ed-496e-a014-41ecb169e589

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=abe6e720-d37d-4a97-abc1-429bf93b8905&tr=43&tt=17331617786882063&uuid=b131181b-38ed-496e-a014-41ecb169e589

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=4b7e3023-5198-4a65-910c-88b8db611914&tr=43&tt=17331617811228688&uuid=b131181b-38ed-496e-a014-41ecb169e589

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/b131181b-38ed-496e-a014-41ecb169e589/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=397d365a-87f0-4464-bc14-04c8a86dd935&tr=43&tt=17331617811228688&uuid=b131181b-38ed-496e-a014-41ecb169e589
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
      tls, http
      AteraAgent.exe
      1.1kB
      5.1kB
      10
      12

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/AcknowledgeCommands

      HTTP Response

      200
    • 18.239.36.114:443
      https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?8fhbRIupcCC7JGD0NFs8UxSvwtyQcaCTxqMG+Zg+xFoyv/v9gC31gGTxU/9vHmHy
      tls, http
      AteraAgent.exe
      7.7kB
      403.3kB
      156
      295

      HTTP Request

      GET https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?8fhbRIupcCC7JGD0NFs8UxSvwtyQcaCTxqMG+Zg+xFoyv/v9gC31gGTxU/9vHmHy

      HTTP Response

      200
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/CommandResult
      tls, http
      AgentPackageAgentInformation.exe
      1.5kB
      5.0kB
      9
      9

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/CommandResult

      HTTP Response

      200
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
      tls, http
      AteraAgent.exe
      1.1kB
      5.1kB
      10
      12

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/AcknowledgeCommands

      HTTP Response

      200
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/CommandResult
      tls, http
      AgentPackageAgentInformation.exe
      1.5kB
      5.0kB
      9
      9

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/CommandResult

      HTTP Response

      200
    • 8.8.8.8:53
      217.106.137.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      217.106.137.52.in-addr.arpa

    • 8.8.8.8:53
      48.50.25.184.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      48.50.25.184.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      159.113.53.23.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      159.113.53.23.in-addr.arpa

    • 8.8.8.8:53
      228.249.119.40.in-addr.arpa
      dns
      73 B
      159 B
      1
      1

      DNS Request

      228.249.119.40.in-addr.arpa

    • 8.8.8.8:53
      agent-api.atera.com
      dns
      AgentPackageAgentInformation.exe
      65 B
      182 B
      1
      1

      DNS Request

      agent-api.atera.com

      DNS Response

      40.119.152.241

    • 8.8.8.8:53
      241.152.119.40.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      241.152.119.40.in-addr.arpa

    • 8.8.8.8:53
      ps.pndsn.com
      dns
      AteraAgent.exe
      58 B
      90 B
      1
      1

      DNS Request

      ps.pndsn.com

      DNS Response

      35.157.63.229
      35.157.63.227

    • 8.8.8.8:53
      ps.atera.com
      dns
      AteraAgent.exe
      58 B
      165 B
      1
      1

      DNS Request

      ps.atera.com

      DNS Response

      18.239.36.114
      18.239.36.126
      18.239.36.110
      18.239.36.2

    • 8.8.8.8:53
      229.63.157.35.in-addr.arpa
      dns
      72 B
      138 B
      1
      1

      DNS Request

      229.63.157.35.in-addr.arpa

    • 8.8.8.8:53
      114.36.239.18.in-addr.arpa
      dns
      72 B
      129 B
      1
      1

      DNS Request

      114.36.239.18.in-addr.arpa

    • 8.8.8.8:53
      74.50.25.184.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      74.50.25.184.in-addr.arpa

    • 8.8.8.8:53
      agent-api.atera.com
      dns
      AgentPackageAgentInformation.exe
      65 B
      182 B
      1
      1

      DNS Request

      agent-api.atera.com

      DNS Response

      40.119.152.241

    • 8.8.8.8:53
      56.163.245.4.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      56.163.245.4.in-addr.arpa

    • 8.8.8.8:53
      241.42.69.40.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      241.42.69.40.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      43.229.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      43.229.111.52.in-addr.arpa

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Config.Msi\e57ee58.rbs

      Filesize

      8KB


    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

      Filesize

      142KB


    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config

      Filesize

      1KB


    • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll

      Filesize

      210KB


    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll

      Filesize

      693KB


    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI

      Filesize

      12B


    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

      Filesize

      173KB


    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config

      Filesize

      546B


    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll

      Filesize

      94KB


    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll

      Filesize

      688KB


    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll

      Filesize

      588KB


    • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt

      Filesize

      223B


    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

      Filesize

      471B


    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

      Filesize

      727B


    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

      Filesize

      727B


    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

      Filesize

      400B


    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

      Filesize

      404B


    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

      Filesize

      412B


    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

      Filesize

      651B


    • C:\Windows\Installer\MSIEF13.tmp

      Filesize

      509KB


    • C:\Windows\Installer\MSIEF13.tmp-\AlphaControlAgentInstallation.dll

      Filesize

      25KB


    • C:\Windows\Installer\MSIEF13.tmp-\Microsoft.Deployment.WindowsInstaller.dll

      Filesize

      179KB


    • C:\Windows\Installer\MSIF2CD.tmp-\CustomAction.config

      Filesize

      1KB


    • C:\Windows\Installer\MSIF2CD.tmp-\Newtonsoft.Json.dll

      Filesize

      695KB


    • C:\Windows\Installer\MSIFCC3.tmp

      Filesize

      211KB


    • C:\Windows\Installer\e57ee57.msi

      Filesize

      2.9MB


    • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

      Filesize

      404B


    • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

      Filesize

      412B


    • \??\Volume{ff55ba41-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{cde3979f-fdb6-49ac-9909-bdd50bc075a1}_OnDiskSnapshotProp

      Filesize

      6KB


