Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/01/2025, 18:01 UTC

General

  • Target

    z1eCAC2025.msi

  • Size

    2.9MB

  • MD5

    30c87bf81a6b9da8c2d2196d4471f056

  • SHA1

    a8c45bd3cb66256a07ba8c4047aa88db5c72c50b

  • SHA256

    40c90476979303f54df8bf6ac6ba10a252623cf18519b492b77d8988cb6bd216

  • SHA512

    066c4c9922994259cdb62d9cbc21fa6e63b1c765a18a1c4e94b1741e60b580ddb132134f13d6ad0f86285c618243ca6849dc5aac92fb8b8be014610a6159bf06

  • SSDEEP

    49152:N+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:N+lUlz9FKbsodq0YaH7ZPxMb8tT

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

  • Ateraagent family
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 4 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 14 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 17 IoCs
  • Drops file in Windows directory 35 IoCs
  • Executes dropped EXE 4 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Loads dropped DLL 31 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 1 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 37 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\z1eCAC2025.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4144
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3384
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1220
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding B9E2C0BD1844001DD7C07B40610251F8
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:864
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIE1F4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240640796 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:4428
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIE715.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240641843 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:4412
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIF186.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240644546 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2948
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIFF95.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240648109 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:392
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 3A91B200A9965DDBE5462F48FE2AB5DA E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4440
      • C:\Windows\SysWOW64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3144
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2608
      • C:\Windows\SysWOW64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4348
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="financeiro@brasmasdistribuicao.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000PPiXTIA1" /AgentId="947a9008-1c28-4f55-9671-dc0371ff0c73"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:832
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:4568
  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4736
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
      2⤵
      • Launches sc.exe
      PID:4592
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 947a9008-1c28-4f55-9671-dc0371ff0c73 "0f05d8d3-3f08-4113-a8ba-2d0a5007bfb9" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PPiXTIA1
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3440
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 947a9008-1c28-4f55-9671-dc0371ff0c73 "9f4d1ce7-e106-4d01-81eb-baef6d7f0b7a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PPiXTIA1
      2⤵
      • Drops file in System32 directory
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4272

Network

  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    29.153.16.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.153.16.2.in-addr.arpa
    IN PTR
    Response
    29.153.16.2.in-addr.arpa
    IN PTR
    a2-16-153-29.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    167.173.78.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    167.173.78.104.in-addr.arpa
    IN PTR
    Response
    167.173.78.104.in-addr.arpa
    IN PTR
    a104-78-173-167.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    4.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    167.57.26.184.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    167.57.26.184.in-addr.arpa
    IN PTR
    Response
    167.57.26.184.in-addr.arpa
    IN PTR
    a184-26-57-167.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    agent-api.atera.com
    AgentPackageAgentInformation.exe
    Remote address:
    8.8.8.8:53
    Request
    agent-api.atera.com
    IN A
    Response
    agent-api.atera.com
    IN CNAME
    agentsapi.trafficmanager.net
    agentsapi.trafficmanager.net
    IN CNAME
    atera-agent-api-eu.westeurope.cloudapp.azure.com
    atera-agent-api-eu.westeurope.cloudapp.azure.com
    IN A
    40.119.152.241
  • flag-nl
    POST
    https://agent-api.atera.com/Production/Agent/track-event
    rundll32.exe
    Remote address:
    40.119.152.241:443
    Request
    POST /Production/Agent/track-event HTTP/1.1
    X-Atera-AccountId: 001Q300000PPiXTIA1
    Content-Type: application/json
    Host: agent-api.atera.com
    Content-Length: 130
    Expect: 100-continue
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:24 GMT
    Content-Length: 0
    Connection: keep-alive
    Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
  • flag-us
    DNS
    241.152.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.152.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    POST
    https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus
    AteraAgent.exe
    Remote address:
    40.119.152.241:443
    Request
    POST /Production/Agent/GetEnvironmentStatus HTTP/1.1
    Content-Type: application/json
    Host: agent-api.atera.com
    Content-Length: 39
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:28 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
  • flag-nl
    POST
    https://agent-api.atera.com/Production/Agent/GetCommands
    AteraAgent.exe
    Remote address:
    40.119.152.241:443
    Request
    POST /Production/Agent/GetCommands HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: agent-api.atera.com
    Content-Length: 98
    Connection: Close
    Response
    HTTP/1.1 204 No Content
    Date: Mon, 20 Jan 2025 18:01:29 GMT
    Connection: close
    Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
  • flag-nl
    POST
    https://agent-api.atera.com/Production/Agent/track-event
    rundll32.exe
    Remote address:
    40.119.152.241:443
    Request
    POST /Production/Agent/track-event HTTP/1.1
    X-Atera-AccountId: 001Q300000PPiXTIA1
    Content-Type: application/json
    Host: agent-api.atera.com
    Content-Length: 142
    Expect: 100-continue
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:28 GMT
    Content-Length: 0
    Connection: keep-alive
    Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
  • flag-nl
    POST
    https://agent-api.atera.com/Production/Agent/GetRecurringPackages
    AteraAgent.exe
    Remote address:
    40.119.152.241:443
    Request
    POST /Production/Agent/GetRecurringPackages HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: agent-api.atera.com
    Content-Length: 44
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:29 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
  • flag-nl
    POST
    https://agent-api.atera.com/Production/Agent/AgentStarting
    AteraAgent.exe
    Remote address:
    40.119.152.241:443
    Request
    POST /Production/Agent/AgentStarting HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: agent-api.atera.com
    Content-Length: 98
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:30 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
  • flag-us
    DNS
    ps.pndsn.com
    AteraAgent.exe
    Remote address:
    8.8.8.8:53
    Request
    ps.pndsn.com
    IN A
    Response
    ps.pndsn.com
    IN A
    35.157.63.227
    ps.pndsn.com
    IN A
    35.157.63.228
  • flag-de
    GET
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=00d14cf7-df2f-415e-901d-189f6e1d9762&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    AteraAgent.exe
    Remote address:
    35.157.63.227:443
    Request
    GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=00d14cf7-df2f-415e-901d-189f6e1d9762&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73 HTTP/1.1
    Host: ps.pndsn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:29 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: keep-alive
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c90407cd-4ede-4823-a31a-9903c8d72b69&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    AteraAgent.exe
    Remote address:
    35.157.63.227:443
    Request
    GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c90407cd-4ede-4823-a31a-9903c8d72b69&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73 HTTP/1.1
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:30 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: keep-alive
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cd46a75e-3cdb-4894-a1e0-f9e107e20425&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    AteraAgent.exe
    Remote address:
    35.157.63.227:443
    Request
    GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cd46a75e-3cdb-4894-a1e0-f9e107e20425&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73 HTTP/1.1
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:44 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: keep-alive
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=23116936-77a9-40b6-a3de-071810b40aac&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    AteraAgent.exe
    Remote address:
    35.157.63.227:443
    Request
    GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=23116936-77a9-40b6-a3de-071810b40aac&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73 HTTP/1.1
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:45 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: keep-alive
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fd50af99-6aa4-4534-9600-171e01379044&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    AteraAgent.exe
    Remote address:
    35.157.63.227:443
    Request
    GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fd50af99-6aa4-4534-9600-171e01379044&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73 HTTP/1.1
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:02:30 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: keep-alive
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/947a9008-1c28-4f55-9671-dc0371ff0c73/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c2e2c184-e863-4e45-b93f-47bb92a9138e&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    AteraAgent.exe
    Remote address:
    35.157.63.227:443
    Request
    GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/947a9008-1c28-4f55-9671-dc0371ff0c73/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c2e2c184-e863-4e45-b93f-47bb92a9138e&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:02:30 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 55
    Connection: keep-alive
    Access-Control-Allow-Methods: OPTIONS, GET, POST
    Age: 0
    Cache-Control: no-cache
    Accept-Ranges: bytes
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=36fe9743-c909-4acb-a7f0-291a7f4a9f85&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    AteraAgent.exe
    Remote address:
    35.157.63.227:443
    Request
    GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=36fe9743-c909-4acb-a7f0-291a7f4a9f85&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73 HTTP/1.1
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:03:04 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: keep-alive
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0c28f481-1f9a-4ac4-9cb9-0cca941b7ed0&tt=0&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    AteraAgent.exe
    Remote address:
    35.157.63.227:443
    Request
    GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0c28f481-1f9a-4ac4-9cb9-0cca941b7ed0&tt=0&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:29 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 45
    Connection: keep-alive
    Cache-Control: no-cache
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a399027a-f25e-4a1e-91fa-4fe7eeefc92b&tr=41&tt=17373960898347171&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    AteraAgent.exe
    Remote address:
    35.157.63.227:443
    Request
    GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a399027a-f25e-4a1e-91fa-4fe7eeefc92b&tr=41&tt=17373960898347171&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:44 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 1884
    Connection: keep-alive
    Cache-Control: no-cache
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a1cc679a-1e56-4dab-b90c-85db41cfc04e&tr=41&tt=17373961042415944&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    AteraAgent.exe
    Remote address:
    35.157.63.227:443
    Request
    GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a1cc679a-1e56-4dab-b90c-85db41cfc04e&tr=41&tt=17373961042415944&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:45 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 1874
    Connection: keep-alive
    Cache-Control: no-cache
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0307b428-c1a5-4238-a773-1bcc9206cfad&tr=41&tt=17373961054587351&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    AteraAgent.exe
    Remote address:
    35.157.63.227:443
    Request
    GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0307b428-c1a5-4238-a773-1bcc9206cfad&tr=41&tt=17373961054587351&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:03:04 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 45
    Connection: keep-alive
    Cache-Control: no-cache
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e4a77797-f4d2-43d2-bfd1-d765a6442f53&tr=41&tt=17373961054587351&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    AteraAgent.exe
    Remote address:
    35.157.63.227:443
    Request
    GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e4a77797-f4d2-43d2-bfd1-d765a6442f53&tr=41&tt=17373961054587351&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
  • flag-us
    DNS
    227.63.157.35.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    227.63.157.35.in-addr.arpa
    IN PTR
    Response
    227.63.157.35.in-addr.arpa
    IN PTR
    ec2-35-157-63-227.eu-central-1.compute.amazonaws.com
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    POST
    https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
    AteraAgent.exe
    Remote address:
    40.119.152.241:443
    Request
    POST /Production/Agent/AcknowledgeCommands HTTP/1.1
    Content-Type: application/json
    Host: agent-api.atera.com
    Content-Length: 104
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:44 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
  • flag-us
    DNS
    ps.atera.com
    AteraAgent.exe
    Remote address:
    8.8.8.8:53
    Request
    ps.atera.com
    IN A
    Response
    ps.atera.com
    IN CNAME
    d25btwd9wax8gu.cloudfront.net
    d25btwd9wax8gu.cloudfront.net
    IN A
    99.84.9.89
    d25btwd9wax8gu.cloudfront.net
    IN A
    99.84.9.56
    d25btwd9wax8gu.cloudfront.net
    IN A
    99.84.9.5
    d25btwd9wax8gu.cloudfront.net
    IN A
    99.84.9.72
  • flag-gb
    GET
    https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/38.9/AgentPackageAgentInformation.zip?cbPE7HhXVwVxCL/+uNxZnr+pf+AexLWE0lCxJHzwvWxI7jB4tsD4a4dGqOwWXafI
    AteraAgent.exe
    Remote address:
    99.84.9.89:443
    Request
    GET /agentpackagesnet45/AgentPackageAgentInformation/38.9/AgentPackageAgentInformation.zip?cbPE7HhXVwVxCL/+uNxZnr+pf+AexLWE0lCxJHzwvWxI7jB4tsD4a4dGqOwWXafI HTTP/1.1
    Host: ps.atera.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Content-Length: 392705
    Connection: keep-alive
    Content-MD5: InI9MK2XWjOhKKIMr9tmhA==
    Last-Modified: Mon, 20 Jan 2025 15:32:16 GMT
    ETag: 0x8DD39679F007D26
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 94c0104f-201e-0018-3f51-6ba2ad000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 Jan 2025 15:41:34 GMT
    X-Cache: Hit from cloudfront
    Via: 1.1 8583f64172baf458ac5712a4d1815fec.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LHR62-C2
    X-Amz-Cf-Id: D_aC4Zp08hc5DIX4zMUt4F22iZtB87U3n-3uP9WDE51sTn0IUJCPPw==
    Age: 8409
  • flag-nl
    POST
    https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
    AteraAgent.exe
    Remote address:
    40.119.152.241:443
    Request
    POST /Production/Agent/AcknowledgeCommands HTTP/1.1
    Content-Type: application/json
    Host: agent-api.atera.com
    Content-Length: 104
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:45 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
  • flag-us
    DNS
    agent-api.atera.com
    AgentPackageAgentInformation.exe
    Remote address:
    8.8.8.8:53
    Request
    agent-api.atera.com
    IN A
    Response
    agent-api.atera.com
    IN CNAME
    agentsapi.trafficmanager.net
    agentsapi.trafficmanager.net
    IN CNAME
    atera-agent-api-eu.westeurope.cloudapp.azure.com
    atera-agent-api-eu.westeurope.cloudapp.azure.com
    IN A
    40.119.152.241
  • flag-nl
    POST
    https://agent-api.atera.com/Production/Agent/CommandResult
    AgentPackageAgentInformation.exe
    Remote address:
    40.119.152.241:443
    Request
    POST /Production/Agent/CommandResult HTTP/1.1
    X-PackageName: AgentPackageAgentInformation
    X-PackageVersion: 38.9.0.0
    X-AccountId: 001Q300000PPiXTIA1
    Content-Type: application/json
    Host: agent-api.atera.com
    Content-Length: 469
    Expect: 100-continue
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:46 GMT
    Content-Length: 0
    Connection: keep-alive
    Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
  • flag-nl
    POST
    https://agent-api.atera.com/Production/Agent/CommandResult
    AgentPackageAgentInformation.exe
    Remote address:
    40.119.152.241:443
    Request
    POST /Production/Agent/CommandResult HTTP/1.1
    X-PackageName: AgentPackageAgentInformation
    X-PackageVersion: 38.9.0.0
    X-AccountId: 001Q300000PPiXTIA1
    Content-Type: application/json
    Host: agent-api.atera.com
    Content-Length: 469
    Expect: 100-continue
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 Jan 2025 18:01:46 GMT
    Content-Length: 0
    Connection: keep-alive
    Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
  • flag-us
    DNS
    89.9.84.99.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    89.9.84.99.in-addr.arpa
    IN PTR
    Response
    89.9.84.99.in-addr.arpa
    IN PTR
    server-99-84-9-89.lhr62.r.cloudfront.net
  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    90.65.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    90.65.42.20.in-addr.arpa
    IN PTR
    Response
  • 40.119.152.241:443
    https://agent-api.atera.com/Production/Agent/track-event
    tls, http
    rundll32.exe
    1.5kB
    5.5kB
    11
    9

    HTTP Request

    POST https://agent-api.atera.com/Production/Agent/track-event

    HTTP Response

    200
  • 40.119.152.241:443
    https://agent-api.atera.com/Production/Agent/GetCommands
    tls, http
    AteraAgent.exe
    1.4kB
    6.0kB
    13
    15

    HTTP Request

    POST https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus

    HTTP Response

    200

    HTTP Request

    POST https://agent-api.atera.com/Production/Agent/GetCommands

    HTTP Response

    204
  • 40.119.152.241:443
    https://agent-api.atera.com/Production/Agent/track-event
    tls, http
    rundll32.exe
    1.1kB
    5.5kB
    9
    9

    HTTP Request

    POST https://agent-api.atera.com/Production/Agent/track-event

    HTTP Response

    200
  • 40.119.152.241:443
    https://agent-api.atera.com/Production/Agent/AgentStarting
    tls, http
    AteraAgent.exe
    1.8kB
    28.0kB
    20
    30

    HTTP Request

    POST https://agent-api.atera.com/Production/Agent/GetRecurringPackages

    HTTP Response

    200

    HTTP Request

    POST https://agent-api.atera.com/Production/Agent/AgentStarting

    HTTP Response

    200
  • 35.157.63.227:443
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=36fe9743-c909-4acb-a7f0-291a7f4a9f85&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    tls, http
    AteraAgent.exe
    3.0kB
    9.0kB
    26
    26

    HTTP Request

    GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=00d14cf7-df2f-415e-901d-189f6e1d9762&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73

    HTTP Response

    200

    HTTP Request

    GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c90407cd-4ede-4823-a31a-9903c8d72b69&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73

    HTTP Response

    200

    HTTP Request

    GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cd46a75e-3cdb-4894-a1e0-f9e107e20425&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73

    HTTP Response

    200

    HTTP Request

    GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=23116936-77a9-40b6-a3de-071810b40aac&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73

    HTTP Response

    200

    HTTP Request

    GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fd50af99-6aa4-4534-9600-171e01379044&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73

    HTTP Response

    200

    HTTP Request

    GET https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/947a9008-1c28-4f55-9671-dc0371ff0c73/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c2e2c184-e863-4e45-b93f-47bb92a9138e&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73

    HTTP Response

    200

    HTTP Request

    GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=36fe9743-c909-4acb-a7f0-291a7f4a9f85&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73

    HTTP Response

    200
  • 35.157.63.227:443
    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e4a77797-f4d2-43d2-bfd1-d765a6442f53&tr=41&tt=17373961054587351&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
    tls, http
    AteraAgent.exe
    3.3kB
    11.8kB
    23
    29

    HTTP Request

    GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0c28f481-1f9a-4ac4-9cb9-0cca941b7ed0&tt=0&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73

    HTTP Response

    200

    HTTP Request

    GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a399027a-f25e-4a1e-91fa-4fe7eeefc92b&tr=41&tt=17373960898347171&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73

    HTTP Response

    200

    HTTP Request

    GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a1cc679a-1e56-4dab-b90c-85db41cfc04e&tr=41&tt=17373961042415944&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73

    HTTP Response

    200

    HTTP Request

    GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0307b428-c1a5-4238-a773-1bcc9206cfad&tr=41&tt=17373961054587351&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73

    HTTP Response

    200

    HTTP Request

    GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/947a9008-1c28-4f55-9671-dc0371ff0c73/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e4a77797-f4d2-43d2-bfd1-d765a6442f53&tr=41&tt=17373961054587351&uuid=947a9008-1c28-4f55-9671-dc0371ff0c73
  • 40.119.152.241:443
    https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
    tls, http
    AteraAgent.exe
    1.6kB
    6.4kB
    15
    12

    HTTP Request

    POST https://agent-api.atera.com/Production/Agent/AcknowledgeCommands

    HTTP Response

    200
  • 99.84.9.89:443
    https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/38.9/AgentPackageAgentInformation.zip?cbPE7HhXVwVxCL/+uNxZnr+pf+AexLWE0lCxJHzwvWxI7jB4tsD4a4dGqOwWXafI
    tls, http
    AteraAgent.exe
    13.3kB
    410.6kB
    220
    301

    HTTP Request

    GET https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/38.9/AgentPackageAgentInformation.zip?cbPE7HhXVwVxCL/+uNxZnr+pf+AexLWE0lCxJHzwvWxI7jB4tsD4a4dGqOwWXafI

    HTTP Response

    200
  • 40.119.152.241:443
    https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
    tls, http
    AteraAgent.exe
    1.1kB
    5.6kB
    10
    12

    HTTP Request

    POST https://agent-api.atera.com/Production/Agent/AcknowledgeCommands

    HTTP Response

    200
  • 40.119.152.241:443
    https://agent-api.atera.com/Production/Agent/CommandResult
    tls, http
    AgentPackageAgentInformation.exe
    2.1kB
    5.6kB
    11
    11

    HTTP Request

    POST https://agent-api.atera.com/Production/Agent/CommandResult

    HTTP Response

    200
  • 40.119.152.241:443
    https://agent-api.atera.com/Production/Agent/CommandResult
    tls, http
    AgentPackageAgentInformation.exe
    2.1kB
    5.6kB
    11
    10

    HTTP Request

    POST https://agent-api.atera.com/Production/Agent/CommandResult

    HTTP Response

    200
  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    142 B
    145 B
    2
    1

    DNS Request

    97.17.167.52.in-addr.arpa

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    29.153.16.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    29.153.16.2.in-addr.arpa

  • 8.8.8.8:53
    167.173.78.104.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    167.173.78.104.in-addr.arpa

  • 8.8.8.8:53
    4.159.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    4.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    142 B
    157 B
    2
    1

    DNS Request

    13.86.106.20.in-addr.arpa

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    167.57.26.184.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    167.57.26.184.in-addr.arpa

  • 8.8.8.8:53
    agent-api.atera.com
    dns
    AgentPackageAgentInformation.exe
    130 B
    182 B
    2
    1

    DNS Request

    agent-api.atera.com

    DNS Request

    agent-api.atera.com

    DNS Response

    40.119.152.241

  • 8.8.8.8:53
    241.152.119.40.in-addr.arpa
    dns
    146 B
    147 B
    2
    1

    DNS Request

    241.152.119.40.in-addr.arpa

    DNS Request

    241.152.119.40.in-addr.arpa

  • 8.8.8.8:53
    ps.pndsn.com
    dns
    AteraAgent.exe
    58 B
    90 B
    1
    1

    DNS Request

    ps.pndsn.com

    DNS Response

    35.157.63.227
    35.157.63.228

  • 8.8.8.8:53
    227.63.157.35.in-addr.arpa
    dns
    72 B
    138 B
    1
    1

    DNS Request

    227.63.157.35.in-addr.arpa

  • 8.8.8.8:53
    197.87.175.4.in-addr.arpa
    dns
    142 B
    157 B
    2
    1

    DNS Request

    197.87.175.4.in-addr.arpa

    DNS Request

    197.87.175.4.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    ps.atera.com
    dns
    AteraAgent.exe
    58 B
    165 B
    1
    1

    DNS Request

    ps.atera.com

    DNS Response

    99.84.9.89
    99.84.9.56
    99.84.9.5
    99.84.9.72

  • 8.8.8.8:53
    agent-api.atera.com
    dns
    AgentPackageAgentInformation.exe
    65 B
    182 B
    1
    1

    DNS Request

    agent-api.atera.com

    DNS Response

    40.119.152.241

  • 8.8.8.8:53
    89.9.84.99.in-addr.arpa
    dns
    69 B
    123 B
    1
    1

    DNS Request

    89.9.84.99.in-addr.arpa

  • 8.8.8.8:53
    14.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    14.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    90.65.42.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    90.65.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Config.Msi\e57e129.rbs

    Filesize

    8KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog

    Filesize

    753B

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

    Filesize

    142KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config

    Filesize

    1KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll

    Filesize

    210KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll

    Filesize

    693KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI

    Filesize

    12B

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

    Filesize

    248KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config

    Filesize

    546B

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll

    Filesize

    688KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll

    Filesize

    588KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt

    Filesize

    229B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

    Filesize

    471B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

    Filesize

    727B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

    Filesize

    727B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

    Filesize

    400B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

    Filesize

    404B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

    Filesize

    412B

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

    Filesize

    651B

  • C:\Windows\Installer\MSIE1F4.tmp

    Filesize

    509KB

  • C:\Windows\Installer\MSIE1F4.tmp-\AlphaControlAgentInstallation.dll

    Filesize

    25KB

  • C:\Windows\Installer\MSIE1F4.tmp-\Microsoft.Deployment.WindowsInstaller.dll

    Filesize

    179KB

  • C:\Windows\Installer\MSIE715.tmp-\CustomAction.config

    Filesize

    1KB

  • C:\Windows\Installer\MSIE715.tmp-\Newtonsoft.Json.dll

    Filesize

    695KB

  • C:\Windows\Installer\MSIF33D.tmp

    Filesize

    211KB

  • C:\Windows\Installer\e57e128.msi

    Filesize

    2.9MB

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

    Filesize

    404B

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

    Filesize

    412B

  • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

    Filesize

    24.1MB

  • \??\Volume{f0eec59f-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{62e72642-e9d6-4270-be80-a1f14268870c}_OnDiskSnapshotProp

    Filesize

    6KB
