Overview

overview

10

Static

static

10

CKKA7_setup.msi

windows7-x64

10

CKKA7_setup.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-12-2024 19:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CKKA7_setup.msi

  • Size

    2.9MB

  • MD5

    adf916501d23322eaf3451311f3c29a9

  • SHA1

    66f27ec7161b1678a3cb33c7f0ef5a32687dd198

  • SHA256

    44ccba8b52af7ec64fc97943186ed735518b027a38e6559e0a17980c4c0c7a44

  • SHA512

    db74407e25953d4221d9282ac655a5788e2149663cbf12013e647ddb16147f729d419e2c6f51991da1e4a45bea696a00428801b5b93adf175b0fd1ada56a6d9f

  • SSDEEP

    49152:q+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:q+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentdiscoverypersistenceprivilege_escalationrat

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 18 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 18 IoCs
  • Drops file in Windows directory 37 IoCs
  • Executes dropped EXE 3 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 35 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\CKKA7_setup.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2644
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 31A7F1DC438CF3CE63C0002453510ABB
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1636
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI1A94.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259464014 1 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2012
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI1DA1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259464622 5 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2192
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI2F5E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259469271 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:996
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI3CCD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259472718 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2340
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A87BA4A55E061B3C32C7B10A05174522 M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2392
      • C:\Windows\syswow64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2588
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2884
      • C:\Windows\syswow64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        PID:2188
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="<redacted>" /AgentId="b49e73f2-8d0a-4f1b-9d16-b2eb7bebd2bd"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:1280
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2628
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003D4" "00000000000005B8"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:484
  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:408
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
      2⤵
      • Launches sc.exe
      PID:568
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" b49e73f2-8d0a-4f1b-9d16-b2eb7bebd2bd "0d67784e-8822-45bb-966f-397ea076a556" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" <redacted>
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:2464

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f771a18.rbs
    Filesize

    8KB

    MD5

    b1154fe41f13b8e02f5075ea7d9b0721

    SHA1

    29eeddf51ba00ca34b1f48772161ccf14ee7a386

    SHA256

    d43a2f8b28bd610642b5ea56d5dd77ea8eb22bd31b73d67f72800ce3579fe0d0

    SHA512

    5b62c154091102178fd82d0c54540e58efed43606b09009fdeda06a9ccf95776c54da83aef8e6490ad3dcfc8e095d45e2f5d11ed188497a24c1501413ad4a9a3

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
    Filesize

    753B

    MD5

    8298451e4dee214334dd2e22b8996bdc

    SHA1

    bc429029cc6b42c59c417773ea5df8ae54dbb971

    SHA256

    6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

    SHA512

    cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    Filesize

    142KB

    MD5

    477293f80461713d51a98a24023d45e8

    SHA1

    e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

    SHA256

    a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

    SHA512

    23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
    Filesize

    1KB

    MD5

    b3bb71f9bb4de4236c26578a8fae2dcd

    SHA1

    1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

    SHA256

    e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

    SHA512

    fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
    Filesize

    210KB

    MD5

    c106df1b5b43af3b937ace19d92b42f3

    SHA1

    7670fc4b6369e3fb705200050618acaa5213637f

    SHA256

    2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

    SHA512

    616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
    Filesize

    693KB

    MD5

    2c4d25b7fbd1adfd4471052fa482af72

    SHA1

    fd6cd773d241b581e3c856f9e6cd06cb31a01407

    SHA256

    2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

    SHA512

    f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
    Filesize

    12B

    MD5

    eb053699fc80499a7185f6d5f7d55bfe

    SHA1

    9700472d22b1995c320507917fa35088ae4e5f05

    SHA256

    bce3dfdca8f0b57846e914d497f4bb262e3275f05ea761d0b4f4b778974e6967

    SHA512

    d66fa39c69d9c6448518cb9f98cbdad4ce5e93ceef8d20ce0deef91fb3e512b5d5a9458f7b8a53d4b68d693107872c5445e99f87c948878f712f8a79bc761dbf

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
    Filesize

    173KB

    MD5

    fd9df72620bca7c4d48bc105c89dffd2

    SHA1

    2e537e504704670b52ce775943f14bfbaf175c1b

    SHA256

    847d0cd49cce4975bafdeb67295ed7d2a3b059661560ca5e222544e9dfc5e760

    SHA512

    47228cbdba54cd4e747dba152feb76a42bfc6cd781054998a249b62dd0426c5e26854ce87b6373f213b4e538a62c08a89a488e719e2e763b7b968e77fbf4fc02

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
    Filesize

    546B

    MD5

    158fb7d9323c6ce69d4fce11486a40a1

    SHA1

    29ab26f5728f6ba6f0e5636bf47149bd9851f532

    SHA256

    5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

    SHA512

    7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\log.txt
    Filesize

    23KB

    MD5

    761e1a5fc8542703545c3c31af7096b8

    SHA1

    7dbea0ddc760f3e210975e2184bf03fa91fdb2d3

    SHA256

    567d0c35a0eae0db70329afbd3c83b1d9eec4a029afe3f434461fa125a2c1bf1

    SHA512

    0884a17a58cdc43edad88942899e7e0ec7237e9da19bb79021abd12f17e40ae366bef77837f11ee74094917d6d1a79de3772c6b5c5217b8bcdbfd5d03466174c

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
    Filesize

    588KB

    MD5

    17d74c03b6bcbcd88b46fcc58fc79a0d

    SHA1

    bc0316e11c119806907c058d62513eb8ce32288c

    SHA256

    13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

    SHA512

    f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
    Filesize

    204B

    MD5

    f4079154c1caf0e546c91b145a48b008

    SHA1

    69c9e274808b9ad87d07cc98fa116b982627760e

    SHA256

    2bd9ef67e035882058aed5b354a13e4007d0aba5f9e2bd2704d3249bbe970ecf

    SHA512

    d5eae4b711d4f0962606c99bbc96fe6489f16c64fa3f0b1375f5c9aa7b0cf28500dbdec8a7a37fd56909e7a73c4678a4c6e2fc8d28880abc6bacc3ae5dcd4d8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    471B

    MD5

    b6102b47f3d2450f02c1167e5b337e9b

    SHA1

    91a6e5d7b3540556c971bcd6cdf52abd2cffcbfe

    SHA256

    e0c2d57c8661d444666ae009725ee84cd33a29ac48738277ea37bfd56b3cf8c4

    SHA512

    62bb67b325b56c41544956928ef0991262df019a470fc5792ba5abb7096e419f7ea3c8326560ffbe2b50ed0612fbc968fdf7564793a4d550b2465b799cbfcedf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    727B

    MD5

    a433d0bd40ae75fbd372efe3fd3e2bc6

    SHA1

    137005873f5a1d269a7047adbcd08f5d204a323b

    SHA256

    83599ee2c90c3ef5da0f1d87bb6155bdcd2e70b97ad2163e4247f74f0925e1ec

    SHA512

    dca032c59d56db32821d19d913cb7519fbc0545bdc5b19cc6ca9eebf2faa8dca9739d4190b269c34438bca85879a271108f0641c2b653df37f08bfb9224150cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    727B

    MD5

    1dc1121e24814ab2e9102c631f6368e5

    SHA1

    55f7935319102e893d0df7ba28c35343456300ee

    SHA256

    8ed09687565336351ef88085dcf6cfc841af12a63433ecc12c2f13a9557c3c59

    SHA512

    132158f8f2bdf5d66cd4f3fed37405027d4233c79a365027e5d8d0ea20c5d23805bd298358df371b625486282867ba93a3ff5945dddf3ae8d91dd2630e477df4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    400B

    MD5

    e26d6f04096ea5ca31b6de04eb35b9c2

    SHA1

    7f3b16db96fe86c30148e9cc1404c8b9d638aa8b

    SHA256

    2e29a4a64c2c94a8878c3d7c51d717dc7bfdaab64f64211575632a55dac4bc25

    SHA512

    3e9530a702177bde52d88582ed5b9bed3f987a3eb2479225a72f84f625d286e79a45bc2cff88778fe55ad676bc10e7b77dbd68d37ccd835151c6eb34485140fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    404B

    MD5

    a4dc4c0205cb78b2e2916bf292f6678c

    SHA1

    f6d1bf253dccbbea041c5cb2e2a31591cdbb9c98

    SHA256

    7b6c8706dc57cb76e7d9da75892825a1fffb95278872175b94c520bd08cc3847

    SHA512

    6b1bd31d751356010819294bb747b184d1d7c34021557bbf1b1878c4d5dc21fb7e7217c8ebce70c33ad6c290dc22258d635140ade2f88c36aa67e171cb6aee9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b663cfd916e59bce00d6286662b46a1e

    SHA1

    815484f27bf78605ec5e5d0308c5da36a7b99236

    SHA256

    fb6e0e1cea46b9b41ae92f5a8f894cbfa95c8a1d467352358676c4304af0375f

    SHA512

    f3cc68ad74f02d35db8a6fa9cfcc9fe2f1fd6fac8254253e5020413ee0919cd6f62cfdbf9e508299e473e19fd8a0c0665dc312b6bcc2b70a7aef7ae66cde3b57

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e481b555c2178a98d7493c1119b5512

    SHA1

    51745a9476278937ff736a4573ad349175f61106

    SHA256

    5b4f35d54c9578919c6f362eb7a0873af5841a8c2d1aaaf77fe4cbbcce887bfc

    SHA512

    80508c0c74830c72c766cd214593f0198941665613a7e581a2cf2fc6c462e187aae43e47d6a20de62e72bdb469b4f7980b02184daa3a2584da152741208e9db7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    412B

    MD5

    1f8d17d394dc2d38fc90d63cfc857862

    SHA1

    d4984ca3d4bc85a34118c46a2ee88e13e5147659

    SHA256

    d3ec4d762218872bf75c5b36368be746489fa28895935f3098b97e86c1d41cb6

    SHA512

    bb1bfdd9d62f7438215c82336a33381065e2269c8943c0a11418e4b1149cf116262e1907c685cd47b340941a96cb659d4ef9210f2d56927cbf00c693598cda5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF48E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF5E8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\Installer\MSI1A94.tmp
    Filesize

    509KB

    MD5

    88d29734f37bdcffd202eafcdd082f9d

    SHA1

    823b40d05a1cab06b857ed87451bf683fdd56a5e

    SHA256

    87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

    SHA512

    1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

    Download Submit

  • C:\Windows\Installer\MSI1DA1.tmp-\CustomAction.config
    Filesize

    1KB

    MD5

    bc17e956cde8dd5425f2b2a68ed919f8

    SHA1

    5e3736331e9e2f6bf851e3355f31006ccd8caa99

    SHA256

    e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

    SHA512

    02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

    Download Submit

  • C:\Windows\Installer\MSI1DA1.tmp-\Newtonsoft.Json.dll
    Filesize

    695KB

    MD5

    715a1fbee4665e99e859eda667fe8034

    SHA1

    e13c6e4210043c4976dcdc447ea2b32854f70cc6

    SHA256

    c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

    SHA512

    bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

    Download Submit

  • C:\Windows\Installer\MSI325C.tmp
    Filesize

    211KB

    MD5

    a3ae5d86ecf38db9427359ea37a5f646

    SHA1

    eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

    SHA256

    c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

    SHA512

    96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

    Download Submit

  • C:\Windows\Installer\f771a16.msi
    Filesize

    2.9MB

    MD5

    adf916501d23322eaf3451311f3c29a9

    SHA1

    66f27ec7161b1678a3cb33c7f0ef5a32687dd198

    SHA256

    44ccba8b52af7ec64fc97943186ed735518b027a38e6559e0a17980c4c0c7a44

    SHA512

    db74407e25953d4221d9282ac655a5788e2149663cbf12013e647ddb16147f729d419e2c6f51991da1e4a45bea696a00428801b5b93adf175b0fd1ada56a6d9f

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eeb436217d8a182f3ad38cea1a34c338

    SHA1

    458a596297c24e76766204475f31a82e52240b68

    SHA256

    975c0b4f35d88026578807bcfc696bb34d28c107786faa89f99761fc426d1031

    SHA512

    3e8da9babef598823b4b599b3cd24e5e37812c3d2908bacdaa6528410a38766ad7cc9781a7bfdd3184627d2afd8b6628243ffdd9d5ded7c747177d7efeda013c

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a27b547bb7011524b583a6abde17b0a

    SHA1

    c516733b94217191c91f50be2eb167407b24504f

    SHA256

    4460fd398afca879b22cda9f50c1ce79f4cee9c813214f0d08ed61d952c5260a

    SHA512

    81812f7d9dc8f0fce4c7132fd27a3757f31cd003b0fe8043529b6cdb9616b2e7857f60e11f43dc02ae5d7ef13920820eeb4d070c976871a1f509fea904d540dc

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e62e3c6fa8a5f15bd53009728bfc03b5

    SHA1

    67b90237712a5b9fc4a8b170739836022f693acd

    SHA256

    86823a78d316d22fa5eb335b97b559a028637f2d3431399d6e117e73c984ac1c

    SHA512

    9cdd58eda0c7cdb400f52d041cfc9f62da179b23c82802acb7c7d8cb6c8edfa45f85e6b553220a79e9ff99076340ad147972826ce668b1748196d685e1c059e7

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7536bf7600e5d7c3e0b83a0b39ebc8b

    SHA1

    9e7822d129e5d3bc792db0a3d1ffe1b1a700dd5c

    SHA256

    2f67cd95f974e784468f4826c7a446bf86ddc67add8fac01f6d6ea06fb648392

    SHA512

    70311a7e0de2f6483b33705b597f5a8773083af5c6409c6c7e85ea54e8948f749dc8092ebb30132a11ebe1a3fb68f3826a143936a744a89b11d87d77e0831878

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ea3b149d50b91acb09bfe01af60a9ce

    SHA1

    f8e64d95e5e943ebdbcd273cc94081f3a4d334ee

    SHA256

    28cddccf3d61748ab58e29e4bdf6c534c8839f02de8e1e72c0fa0343beb04888

    SHA512

    3bf8b574f5887a12f9c765f62d5a2313830e12de1929bf7fa80541cb52c6b7f3be39df277886847365fd7e503bf2fdbef0ff1cad0b2fbe1bc7544fcc6b734ca0

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4d5c1156b2ef95fa5d74ce7f35150e8

    SHA1

    515a03040842f0fbfa96f6fd58231e389c60cbaf

    SHA256

    e4e32b19c029cd81e86fdcb132b821342f1d6ccc43ce37c2139196e22761ec55

    SHA512

    ba682f48bdc80fd9de07f093bcae8238f96bcee948ae9602bdc7dbe3d69bcd05335daab42bdc670a2ede997ae9e9f5057448e8fcbd1cbdf8a17a12e28694d8bb

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af56c108c7db90d2fc818c5f4526276d

    SHA1

    2c987be1c1f2d9784924cd340a687a8125cf8ecc

    SHA256

    90c9218fe1d8ac767678ce7c9a3c834f4ff5be1c30139b78f5626d088ff1ae2e

    SHA512

    3e4a729423c43cc09a644f7221680ef5c375a5bfe4fdfca1a038314927f37244484fcaa6232d442768e818671e85d9067d725bcc459b896fc9d1afe8be6f6cde

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9069fc1e5763757b727a92647be65c2a

    SHA1

    a300ac3d6e1801ae128472b39139cb9866c9b61f

    SHA256

    579576b7e4d7f8a607f3b32c9578d172a4ef20d8c1483bde43f4c599b9cdfbf8

    SHA512

    e73c79ac3445ebe209754b025457be7884a8d67b0d33ba572fa4a2cfe8b99ca9d5e42194f9d3763a2177179448a002e4e9b8d51dec8ff65eddc8d37e047e19b0

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2ffbfa39cc8276b30640b793c9c8942

    SHA1

    8e7c19102684244945e0a977b391290983a9ac5b

    SHA256

    62faa4b5d9a95854c454051e0e93e8c1efaeeef35e108bcf3064cdc7b83be12a

    SHA512

    b0077d60aec87904f5f42e722889886459dad02bd6a0516873e9bd37c1dc1245dccbc2d1d81d6c10e8be8ef87ab05f18083a1a249182ba4ceadce2729faa2cf4

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fea7f4c00ac1b02020b9ce45718925a3

    SHA1

    602123d18ccb0704fed2166d920dd8ebb0d74c58

    SHA256

    b82285e15554c324352fafc4b2555bf0ba87f2c3df5f8aaaf206161697d5f6f0

    SHA512

    b4bf880201f23e1ce55d43912427e4bdbf29c9bd8532d4db0a2e5f54fea0cb7bab35655d7f6f529ee549c75852dbd7fe56361074ec92cc784a4f64e6af77de8d

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b02abb05818cf7ca7e527a4f450ce59b

    SHA1

    ff6e05354f2ebd3af9c9e4c8421562fda72076d8

    SHA256

    c2c443c36390a4c00b294744642fff8e1026890fc5eb07a6e8a2b53ad170accb

    SHA512

    e53989655ab9fd9899e21c808198b5460c48fec8227e38dbe38a636890a70f0232be1735acd2c29cf53a477c9db0a6f7a5b564abc39a1d5f6fb15724ea3ea236

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    c1ae8f6da12f0247ba72721b0069d279

    SHA1

    6005bb1d7275720dbc3cebbffd0acfec4ce9c5e2

    SHA256

    79aa1d955fa3b3c66e130e4f0adf0550c391e60ad03d3639d2780d153d6d2884

    SHA512

    2ae3e4f09eb9aabaffa1914feccd85b4e11a0132144ce9195f0b6b684de18ff9b8bf261442abfdff53fe7f41cbb6dc76a2148ddba1c9e7a5aad36025df2e850e

    Download Submit

  • C:\Windows\Temp\Cab4A97.tmp
    Filesize

    29KB

    MD5

    d59a6b36c5a94916241a3ead50222b6f

    SHA1

    e274e9486d318c383bc4b9812844ba56f0cff3c6

    SHA256

    a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

    SHA512

    17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

    Download Submit

  • C:\Windows\Temp\Tar4AAA.tmp
    Filesize

    81KB

    MD5

    b13f51572f55a2d31ed9f266d581e9ea

    SHA1

    7eef3111b878e159e520f34410ad87adecf0ca92

    SHA256

    725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

    SHA512

    f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

    Download Submit

  • \Windows\Installer\MSI1A94.tmp-\AlphaControlAgentInstallation.dll
    Filesize

    25KB

    MD5

    aa1b9c5c685173fad2dabebeb3171f01

    SHA1

    ed756b1760e563ce888276ff248c734b7dd851fb

    SHA256

    e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

    SHA512

    d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

    Download Submit

  • \Windows\Installer\MSI1A94.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Filesize

    179KB

    MD5

    1a5caea6734fdd07caa514c3f3fb75da

    SHA1

    f070ac0d91bd337d7952abd1ddf19a737b94510c

    SHA256

    cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

    SHA512

    a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

    Download Submit

  • memory/408-292-0x000000001A8C0000-0x000000001A972000-memory.dmp

    Filesize

    712KB

    Download

  • memory/408-1074-0x0000000019560000-0x0000000019598000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1280-233-0x00000000013B0000-0x00000000013D8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1280-245-0x0000000000B50000-0x0000000000BE8000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2012-72-0x00000000002B0000-0x00000000002DE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2012-76-0x0000000000360000-0x000000000036C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2192-101-0x0000000000580000-0x00000000005AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2192-109-0x0000000002560000-0x0000000002612000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2192-105-0x00000000005E0000-0x00000000005EC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2340-313-0x0000000001FD0000-0x0000000002082000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2340-309-0x0000000001FC0000-0x0000000001FCC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2340-305-0x00000000004D0000-0x00000000004FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2464-1183-0x00000000012F0000-0x0000000001320000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2464-1185-0x0000000000BF0000-0x0000000000CA0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/2464-1186-0x0000000000CA0000-0x0000000000CBC000-memory.dmp

    Filesize

    112KB

    Download