Overview

overview

10

Static

static

10

APLICATIVO...AL.msi

windows7-x64

10

APLICATIVO...AL.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    06-01-2025 11:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    APLICATIVO-WINDOWS-NOTA-FISCAL.msi

  • Size

    2.9MB

  • MD5

    7ce6669643890d209540d68e76c0cfcc

  • SHA1

    c49df2e823d5e2461a11c96ad4d36974c7fffc9a

  • SHA256

    27f1cdf3422c4c87d9d273a62df4404339119e416d16d8512479d87acd07c12b

  • SHA512

    dfb7cde9198fe29e9b8738ab2ddca34db87c3be6d9eb1c68e507ffb59f4f9e66761ab84a1e40b4fa040aa061f214c2e2ea1efcfc875bcca44bdf947639ef10ed

  • SSDEEP

    49152:a+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:a+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentdiscoverypersistenceprivilege_escalationrat

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 20 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 18 IoCs
  • Drops file in Windows directory 37 IoCs
  • Executes dropped EXE 3 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 35 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\APLICATIVO-WINDOWS-NOTA-FISCAL.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1896
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2724
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 86FC0E5117DF6651A3DE8EA16C52C134
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1048
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSID625.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259446510 1 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2028
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSID971.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259447228 5 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:1168
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIE9F6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259451471 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:900
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIF6C9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259454654 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1696
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 312942498176D9E12E1D545168B13FA4 M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1284
      • C:\Windows\syswow64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2816
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:3040
      • C:\Windows\syswow64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        PID:2648
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000P2oAPIAZ" /AgentId="c3feda4d-79ee-4b78-ac68-ba17febe39da"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:2768
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2760
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003E0" "00000000000005A4"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:580
  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:664
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
      2⤵
      • Launches sc.exe
      PID:1804
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" c3feda4d-79ee-4b78-ac68-ba17febe39da "47ec5e9e-beb6-4010-bb1b-8d7dd4cb2400" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000P2oAPIAZ
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:2136

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f76d5b8.rbs
    Filesize

    8KB

    MD5

    fac0dc5bc2c9a769a444ad0fc7ea2968

    SHA1

    3be7991c1f0b9f54eec29f541f86b5d6f4153e33

    SHA256

    c0a015a5f8acb6d5df125ca7d0b14b3a3d1aae89fbb9a57db143e2450a7301a1

    SHA512

    cd397d1f4b527f697abfe3aff765de7bbb1e7dc4891a1cf25693436cd4b0e30181e17d19072f7dd57a699b1804645124a93ac4d008051df9f0c3f8f7a12ca034

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
    Filesize

    753B

    MD5

    8298451e4dee214334dd2e22b8996bdc

    SHA1

    bc429029cc6b42c59c417773ea5df8ae54dbb971

    SHA256

    6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

    SHA512

    cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    Filesize

    142KB

    MD5

    477293f80461713d51a98a24023d45e8

    SHA1

    e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

    SHA256

    a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

    SHA512

    23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
    Filesize

    1KB

    MD5

    b3bb71f9bb4de4236c26578a8fae2dcd

    SHA1

    1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

    SHA256

    e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

    SHA512

    fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
    Filesize

    210KB

    MD5

    c106df1b5b43af3b937ace19d92b42f3

    SHA1

    7670fc4b6369e3fb705200050618acaa5213637f

    SHA256

    2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

    SHA512

    616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
    Filesize

    693KB

    MD5

    2c4d25b7fbd1adfd4471052fa482af72

    SHA1

    fd6cd773d241b581e3c856f9e6cd06cb31a01407

    SHA256

    2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

    SHA512

    f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
    Filesize

    12B

    MD5

    3fa173e4e1e00396a06e409935a1e7f9

    SHA1

    089b85e04c266edd6dbb678ee91da656b19674b3

    SHA256

    297a53db6da22aa3ee4ce849c9952f08bb7296303a170c9ddc7acede10b64c25

    SHA512

    d0c34b51e5599c01edf4ca6acc89186bcea5b97a598c4f120b3063c171b9a1668ba5ff87014565360471973b30733a5521783fa3446bf376332aad23a4325d26

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
    Filesize

    182KB

    MD5

    9d8d50d2789c2a8d847d7953518a96f6

    SHA1

    42621852b40f3f068da5494c9879f846b4869399

    SHA256

    76aefe9205bce78d4533500e6839e892b7d80edc39abcd30ca67952925302b29

    SHA512

    91ea7152762f00fdfbc6cb8d5d15c2e07bc298af8958406b0b0fb652ee3d4a4da9d79ca7dde47dc7700285b20cba089f35745c2b3b84b9dc0d258bd9bdc89f56

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
    Filesize

    546B

    MD5

    158fb7d9323c6ce69d4fce11486a40a1

    SHA1

    29ab26f5728f6ba6f0e5636bf47149bd9851f532

    SHA256

    5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

    SHA512

    7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
    Filesize

    94KB

    MD5

    93d5e2aafbe16cada057bf880002b2f7

    SHA1

    095832afb05852d692bd40d5f77ebbdd339bc545

    SHA256

    83333ce938e943ac54ea0428722d8f9d64d2be993502cd0e95b39e2d78956484

    SHA512

    2e2391c315fd173634f262011a25c9e397bc8a1dac8e86a039f52ff733534f57f2e00adc995900823448a45933864e814e89549f41271fc9d7effd116bbf3854

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
    Filesize

    688KB

    MD5

    50e3f5a0e04cbd99d4be8cfe914c7bbe

    SHA1

    19d99ae964f490e055942d516c60dfdedc585825

    SHA256

    89ed8cbc24723d67ac7e47d0d018ea293f15fc210d9b3e26dc555f464e9b15cd

    SHA512

    2f67dbb41631b6134414d1685815daea7f38120d88f83cb8f83763cf18b1f6aa2b9a5a7eaef816eb8a24998536556128c15128b4e301b765c859a9741d69ba25

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\log.txt
    Filesize

    23KB

    MD5

    1e47f4a00db150b5b1ccf961eac711cc

    SHA1

    f37c720669b40bc2fbdc3eb7eee62682c5eb6ca8

    SHA256

    5f6bd5b5b9d480ab186d7f8cf873320449fbecd5f69e6f6ae6b6ac8513adf18a

    SHA512

    dd3b8ce45d9667cc2a7ed1c1c0cbf859f0b36c45e0fd85e507de1e62e4ae7718058d99b644a16dc24b1e462c82390889b11fbebb8dd1652157dea0a9386d052e

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
    Filesize

    588KB

    MD5

    17d74c03b6bcbcd88b46fcc58fc79a0d

    SHA1

    bc0316e11c119806907c058d62513eb8ce32288c

    SHA256

    13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

    SHA512

    f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
    Filesize

    226B

    MD5

    548a7401f3b0cde21064c5a32e58e183

    SHA1

    1d86246e8950c8f8bc9c9a8c3ecb7330012e5bf3

    SHA256

    b8ba1281c4e6d999e96c8c13a48ef28a3af48e14dbd3d9b3a3f627721a237862

    SHA512

    6a0761a4890d1c79831c6e6abc31b90f367e571dd735c3c930c548f9125a0dfbbc99416242f256c0a438b9638db17c98a282274e91e95ffdfbdc701042f5bc83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    471B

    MD5

    93540fc05230487c467a36aafbe3bb8e

    SHA1

    e9b78901234bb595b31e038a34bdc9feab30c36e

    SHA256

    1b798bda44609cc5fdf00e33018ede7d9e5c7315db28439e3648d353e45e1269

    SHA512

    bcff33619ba84374a50a77785db022673f7c59a4adb9825e856c5f95ac7a3102cfc6f3e9398ebfbf1610a9fa79a623375cee55170d844c424b0de56815ed2650

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    727B

    MD5

    de33d7f19862684188632305c34a38b1

    SHA1

    c4916e5f70146dd008cebb154c0dfb1d7c4a271f

    SHA256

    ea05998307af355c25c30dc2186798d5d19a2ae9d79d7a061c9a4cd101be68cc

    SHA512

    802dc1547c87e1e034b4e6cd25d6e49f9f357299481a905a9522b1163ab45e95d7821bf3774f9cbe42e9bb9355525c492b58d2e11571859d0ff8a229c9b686fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    727B

    MD5

    05164d501071a25477ece52f898cfed8

    SHA1

    64b2f1b1a66e45ff79655e2cf007068e58deda19

    SHA256

    0f6d822546a0a7b6dbb98817d454cce45e65859ece9b5851f8e51df7ee91fff0

    SHA512

    a095944f38f285a408fd58539102aec0325a428513c84c4df793137f532b364cdcd1a8efc79b1669846882ec5744d711309ef62705834e900f79ee507a4ce255

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    400B

    MD5

    b0a29b98bf7a13ac7bf52d1cfbf56045

    SHA1

    c6947fb7fce1a78c348a362d06700c8d97382f14

    SHA256

    0a5ec4daef69df1a1328bbb88877b07e86a97624d55b01597c7bcb53b129f609

    SHA512

    77f6b973db6f4313d020538230b7b34774455665618539149da7c21a2532fdafa11ed493ec1e6d7a7139c259c0a45ab5d6502e1c2fe97a63f5bbb2584ff3b4c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    404B

    MD5

    78d5f27b7c54959341feeff70ed038aa

    SHA1

    c5a100c5c589ff90b8ee80522304f135e341cb27

    SHA256

    f36e0f8ecc5e6ce1266c582ddf8bcd48bb4350af5b6e602d0a1ff8e070e18b6f

    SHA512

    55d62cd3305ea46dae626b13ee6adb942d80bf5cd627edfa5e83022a573f1d6cae65b6c58d93d961fb982b3dddcb90db3f62a66e62cb15359f0a131b21f20365

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6759ad4b57a2228f9932b6c67f7f4d9

    SHA1

    264fe7b3230bc0dd3834371d07670cba8011f2ef

    SHA256

    593419277fc313f52deec8db95aca26fc87cd0e804f13a7b926e4eb57dd45926

    SHA512

    ff54cdd9a58f68e8093deb38c31d16b3d49228eff263e32516fb4683dea4fc4911b36cdd15889c40021b918abb675fe6c72b212eb59c2bdd6bde518d2c1f45c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    169957824b9450449d9c6f4ae36b416e

    SHA1

    18d33f05a82b41c2f1185f2ab92043a6188d7efc

    SHA256

    b17e17c6e964501a99884938d00544b19cb69ccf3932c7d9d58ab30415d1336f

    SHA512

    5f3d674ed72b9a122b68a0b03a5da96ca7d2d41d53627b2ce10a1a088184b44f388eb4679cc8bf54f40f45683719a16bec33cac9a1a983d355b0bbd06d2edad1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    412B

    MD5

    bfbc1a618bdd15cc2e111e7e5c69ddbb

    SHA1

    5e012c5c89541a57aef029d7f317e2ac2cb18ef2

    SHA256

    4a5cd287e5d381d7887f42b94a71b12caa5cccfdf95cb72ab6ad84cce26e5beb

    SHA512

    2074282ac843fb79483408bfc6c2a7685ba8af5f849c66919f0199057066f40e49081ddb0606b95bddd5780f41406f08d52cdb9d8e031344ae1c81df99c05ffe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB425.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB5BD.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\Installer\MSID625.tmp
    Filesize

    509KB

    MD5

    88d29734f37bdcffd202eafcdd082f9d

    SHA1

    823b40d05a1cab06b857ed87451bf683fdd56a5e

    SHA256

    87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

    SHA512

    1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

    Download Submit

  • C:\Windows\Installer\MSID971.tmp-\CustomAction.config
    Filesize

    1KB

    MD5

    bc17e956cde8dd5425f2b2a68ed919f8

    SHA1

    5e3736331e9e2f6bf851e3355f31006ccd8caa99

    SHA256

    e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

    SHA512

    02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

    Download Submit

  • C:\Windows\Installer\MSIEC1A.tmp
    Filesize

    211KB

    MD5

    a3ae5d86ecf38db9427359ea37a5f646

    SHA1

    eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

    SHA256

    c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

    SHA512

    96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

    Download Submit

  • C:\Windows\Installer\f76d5b6.msi
    Filesize

    2.9MB

    MD5

    7ce6669643890d209540d68e76c0cfcc

    SHA1

    c49df2e823d5e2461a11c96ad4d36974c7fffc9a

    SHA256

    27f1cdf3422c4c87d9d273a62df4404339119e416d16d8512479d87acd07c12b

    SHA512

    dfb7cde9198fe29e9b8738ab2ddca34db87c3be6d9eb1c68e507ffb59f4f9e66761ab84a1e40b4fa040aa061f214c2e2ea1efcfc875bcca44bdf947639ef10ed

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
    Filesize

    230B

    MD5

    a3a280d74f7524601ac76046664a74f0

    SHA1

    4f755d587083c475c3a30c2e74f23c30076d16dd

    SHA256

    2d602272e50ef7aa525b067e84cb226af9e3170e52e2e5d4ba970c4e804f7bb2

    SHA512

    52b5d1d3bd33729e5746b40aaa507496360554c89a6dedce9a60b47a00164a9d006eef73ee08e57964010ea9cc76694956e4d84bb51aa0b29de5878d9571447f

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    931b73c0e61c220d9e72f60b490c7a82

    SHA1

    b16b61c999391b182b4a4d7d15d64b6f65aba3f4

    SHA256

    082d16c56eee7b3aff183053d2092120c019798343501a5002c7b5dbf4787408

    SHA512

    715d33357abede81983bf2038c65d01ab267c918d13273cede8a36b17be04f8c4938e71808faa91c9fbe8c4c6b88c331948a5e6fbcf3ec0e1b08f1288b248efd

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7aef6d94c70f740ad0475f00cff14111

    SHA1

    49e6c5ea90ba05d2db416050cc41eecd4a0a12de

    SHA256

    ec7953e0ab8b74ff9bb7d90049e88db2278be02d72546b74a8a23c0843925f47

    SHA512

    bfb078c07201a8d06fdc7bd23992b6de757fbdb76cb869daaf4392f0696c462948bec26ba1b9fce8155e2cfd100b59f2864db9d1c1ce4c064dcc00832cb127a7

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    993eb000cd90521205317fb900005116

    SHA1

    0ada1c4c01298b24ff0d24278ee5e1a01aabb96c

    SHA256

    714814a8a4758225d2633c1c05cb491d9594520b7d6729dac00640b3df43dcca

    SHA512

    65d9447547d3fa6d0ccff4dcfc9be6731d21f221ad20a930eced58782b5180332756e2ccf93be8888c79fb7628ccd4f239b9fe92421168ce59b2d91e32a20266

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e399088c49e5c3dc7204da25a00f847f

    SHA1

    09459a0a7489c059b7d9426c8fdbeae2c9e2db02

    SHA256

    2e003c86f4d76b900f6d26411048bdee2f7c0f66c8fff7a9ee8f3d274851b1e3

    SHA512

    5396c77a63dbf4b38091a6ebc3b0d17f80497dd7ca5234563baae9010d90cdd16972c815305627347f2335d7e7a6ed1b43ea8d4d5808e9ef387b86634cd13b70

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7506ee92d39c26eb1f03ba0f851267d

    SHA1

    e0a75548adacaef5aab6acda7cecf7e6c8ce61db

    SHA256

    ac764dc6f95d38cad61919e888044d45ac2ba9758eb29a50bdcf7a7e6f68d556

    SHA512

    36cf756f56bd96df027ddfdb01422d33b265d3649549382343ef5ce449ad6159ce94eca091bb6fafc474fd58b540228c676798364b2d38763518777bc5287067

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    055e781fce578ab9d4d4904a81f95009

    SHA1

    f3a8aec61023366b078c89b77e973ef9e4d0dc2e

    SHA256

    e5a65ca74079bbd34a231eb00cb062c0c365deeb7c2f8b5b10a13b6bf6342a32

    SHA512

    3d4ec1af1a93ce87543538935f556ba7fadb6c853aa73c568ed1629f5f42d39f4d80cb9d342df59f9a8bbdb10ae02b737a9b34e662ddb27f06f28aab0dabb581

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6f79bdf512ee62c2707dcd235c9006d

    SHA1

    17af4e2605a548370968769696b2def9332f10e3

    SHA256

    08c8ad055e66dd1998a08fdf6957739bab8cbeb6e462f49226fac14b992b73a5

    SHA512

    99f004be5c0b02156f8ee1e28c7454c4ffaf486e190775625e035ef9ab5246a9c26a2733395178c42ab6518297a5c47b86a7e2fcd12fd1b4c987c89876824da9

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    252fabf4b5c5abe4c38282afea511708

    SHA1

    729887bd72fbfbbbb23793bba3f87e284af61a41

    SHA256

    f2ebcefaa4951f9523598dfa154b9e8b38a6680e69136866003f30141663b818

    SHA512

    c9a5bee97ee03d2a38014e3f16d0faf23001392e7d278739f78b46e9da1e6783d7d1b00b228c6ce16f193edbabf6d0861ce8e6e4cc29a454cb585ab42899f2d6

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aaa30698760ba6d0b852dcd3ec4274c4

    SHA1

    fad1ac48e3856bc49edefbefbd7b9aa25808cc69

    SHA256

    7f0bfbdb8900cc534b8e88a212ec19aede563a21e3fedad5f2b9fa1af6bc9be4

    SHA512

    262991f8801f8da10d3242d6483d8378604b6e2d2432c20a0a688aa368c5016340f26e2dbb4fbf2fa7acb9bc80a46c8d642005eca0c7d136c188409f72b19318

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5fde32532ac6712f38cc33e51c6735f

    SHA1

    a2b5e9060b83f58533680ae4472151651ad1ab98

    SHA256

    9f3280b562cf7824b878400b4265811cea85050fbd54650d1ee620390e788953

    SHA512

    4f438c077b28d2448ba9655a1a68093b5726345fcf379fba70b87228828e5f38b2edc17a874b55b8e4b2f0897296fd4f06cf2530e21b2e40b521404d4f877274

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    707a3f5296c4e402597ce49b129b8485

    SHA1

    6b0be548de25f36d529b976736464472e3d4f872

    SHA256

    41f9d23fdffcce352190cdc22b94b53819ea7b1c865e8d814cb77bd2f60ed2db

    SHA512

    35004983dd69666d44e7ffb87d8b8ae2060d5a9050d64ba885c6c2c6f0b97c7e57dfdb12d839f7d7c76d84ac2dbdee2c5c78bd8990b9918ccb38b476267a7d58

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0767c5ca86abdf3a95011610f21c76e6

    SHA1

    4491c7c44eb9688172151af18ace5de03270cd74

    SHA256

    32c164a366fc1cd00055c60117bbc3eca155b2a9a1ef40944342e6246890f341

    SHA512

    f259896a86f124926b2135a90a49515a89f869f569b5dc777a91b4147a5fbfc4e75a738fcdd4790c439f51c91302a21eeb308b69c9acbd10b1b7d28b7b9b4fdb

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    6922b6bd9fb1aa7a3862743315dde212

    SHA1

    6468cc238aba25c0adedea40a009a257a1734f69

    SHA256

    0560358aaaac7bc36bc2d18ffad9d7324ec526dfaba29715bc96d6b6f85f0540

    SHA512

    5fd5a233ef0f91498a0928c614be6bf76e75040808b493df76c87f9aa1217b732c1bd12ad1e067bba697109265c1b8e9549fdf07468ebc7db9a566b3c5afee75

    Download Submit

  • C:\Windows\Temp\Cab464.tmp
    Filesize

    29KB

    MD5

    d59a6b36c5a94916241a3ead50222b6f

    SHA1

    e274e9486d318c383bc4b9812844ba56f0cff3c6

    SHA256

    a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

    SHA512

    17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

    Download Submit

  • C:\Windows\Temp\Tar477.tmp
    Filesize

    81KB

    MD5

    b13f51572f55a2d31ed9f266d581e9ea

    SHA1

    7eef3111b878e159e520f34410ad87adecf0ca92

    SHA256

    725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

    SHA512

    f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

    Download Submit

  • \Windows\Installer\MSID625.tmp-\AlphaControlAgentInstallation.dll
    Filesize

    25KB

    MD5

    aa1b9c5c685173fad2dabebeb3171f01

    SHA1

    ed756b1760e563ce888276ff248c734b7dd851fb

    SHA256

    e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

    SHA512

    d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

    Download Submit

  • \Windows\Installer\MSID625.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Filesize

    179KB

    MD5

    1a5caea6734fdd07caa514c3f3fb75da

    SHA1

    f070ac0d91bd337d7952abd1ddf19a737b94510c

    SHA256

    cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

    SHA512

    a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

    Download Submit

  • \Windows\Installer\MSID971.tmp-\Newtonsoft.Json.dll
    Filesize

    695KB

    MD5

    715a1fbee4665e99e859eda667fe8034

    SHA1

    e13c6e4210043c4976dcdc447ea2b32854f70cc6

    SHA256

    c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

    SHA512

    bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

    Download Submit

  • memory/664-1271-0x0000000019C00000-0x0000000019C38000-memory.dmp

    Filesize

    224KB

    Download

  • memory/664-293-0x0000000000DD0000-0x0000000000E82000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1168-101-0x00000000003A0000-0x00000000003CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1168-109-0x0000000004870000-0x0000000004922000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1168-105-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1696-313-0x0000000004C20000-0x0000000004CD2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1696-309-0x0000000000760000-0x000000000076C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1696-305-0x0000000000500000-0x000000000052E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2028-76-0x0000000000740000-0x000000000074C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2028-72-0x0000000000630000-0x000000000065E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2136-1368-0x0000000000340000-0x0000000000372000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2136-1371-0x0000000000580000-0x0000000000630000-memory.dmp

    Filesize

    704KB

    Download

  • memory/2136-1373-0x0000000000300000-0x000000000031C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2768-245-0x00000000003F0000-0x0000000000488000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2768-233-0x0000000000A10000-0x0000000000A38000-memory.dmp

    Filesize

    160KB

    Download