Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/01/2025, 04:26 UTC

General

  • Target

    f681328a883ca5f414f92c49dbe20d06d6f65d5f45dac594de9af983908174e1.msi

  • Size

    2.9MB

  • MD5

    666994c1545b1e6b686ccd8668df24a4

  • SHA1

    5f38a286fcd1c675a23ec0d67bab426d48065911

  • SHA256

    f681328a883ca5f414f92c49dbe20d06d6f65d5f45dac594de9af983908174e1

  • SHA512

    2a4355f962ceb82827c044fddc581e02a15ec10f8f78a322ea19ab4a131f948a91716f1294979b50a0934b64173a37e1329e69612d43aa29d1d2823e5c393497

  • SSDEEP

    49152:7+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:7+lUlz9FKbsodq0YaH7ZPxMb8tT

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

  • Ateraagent family
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 20 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 18 IoCs
  • Drops file in Windows directory 37 IoCs
  • Executes dropped EXE 3 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Loads dropped DLL 35 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Kills process with taskkill 1 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\f681328a883ca5f414f92c49dbe20d06d6f65d5f45dac594de9af983908174e1.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2868
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1260
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 89C0A7E1B215A4F3DD5315668C27E459
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2380
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIA9C9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259435107 1 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1720
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIACB6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259435715 5 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:1924
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIBDA8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259440099 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2888
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIC83A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259442735 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2932
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 85C09F66DB7612CFB1A8F91B85A55CC1 M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2124
      • C:\Windows\syswow64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2264
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2408
      • C:\Windows\syswow64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        PID:2112
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="financeiro@brasmasdistribuicao.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000PPiXTIA1" /AgentId="1121b586-8090-48ac-b05c-0b3a17eae791"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:2728
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2116
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005C0" "00000000000005C8"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:2620
  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
      2⤵
      • Launches sc.exe
      PID:2812
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 1121b586-8090-48ac-b05c-0b3a17eae791 "dcb16245-becd-4cb2-bbbe-7c009cf0c0e8" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PPiXTIA1
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:2400

Network

  • flag-us
    DNS
    agent-api.atera.com
    AteraAgent.exe
    Remote address:
    8.8.8.8:53
    Request
    agent-api.atera.com
    IN A
    Response
    agent-api.atera.com
    IN CNAME
    agentsapi.trafficmanager.net
    agentsapi.trafficmanager.net
    IN CNAME
    atera-agent-api-eu.westeurope.cloudapp.azure.com
    atera-agent-api-eu.westeurope.cloudapp.azure.com
    IN A
    40.119.152.241
  • flag-us
    DNS
    www.microsoft.com
    AteraAgent.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    95.100.245.144
  • flag-us
    DNS
    ps.pndsn.com
    AteraAgent.exe
    Remote address:
    8.8.8.8:53
    Request
    ps.pndsn.com
    IN A
    Response
    ps.pndsn.com
    IN A
    35.157.63.228
    ps.pndsn.com
    IN A
    35.157.63.229
  • flag-de
    GET
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a5e67df4-695e-4529-af99-56a79632b410&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a5e67df4-695e-4529-af99-56a79632b410&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Host: ps.pndsn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Jan 2025 04:27:16 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: keep-alive
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b9e267b9-5d0b-4376-9154-9dc719f36b3d&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b9e267b9-5d0b-4376-9154-9dc719f36b3d&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Jan 2025 04:27:16 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: keep-alive
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=dbb40d63-ac1f-4b26-9e9a-1009825c16fc&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=dbb40d63-ac1f-4b26-9e9a-1009825c16fc&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Jan 2025 04:27:18 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: keep-alive
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=577fdb3c-2655-4f0d-b363-276609cd638f&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=577fdb3c-2655-4f0d-b363-276609cd638f&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Jan 2025 04:28:03 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: keep-alive
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/1121b586-8090-48ac-b05c-0b3a17eae791/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b955a737-954c-42c8-9f04-0f8815c41b8f&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/1121b586-8090-48ac-b05c-0b3a17eae791/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b955a737-954c-42c8-9f04-0f8815c41b8f&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Jan 2025 04:28:03 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 55
    Connection: keep-alive
    Access-Control-Allow-Methods: OPTIONS, GET, POST
    Age: 0
    Cache-Control: no-cache
    Accept-Ranges: bytes
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c43b48aa-bda1-4645-ae31-46448ad5dfd8&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c43b48aa-bda1-4645-ae31-46448ad5dfd8&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Jan 2025 04:28:36 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: keep-alive
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=de8817f0-2bd1-4e9c-b8aa-8e7d08d964ba&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=de8817f0-2bd1-4e9c-b8aa-8e7d08d964ba&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Jan 2025 04:28:38 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: keep-alive
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=99afaaf5-12d8-45b6-9117-c999ad29ef38&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=99afaaf5-12d8-45b6-9117-c999ad29ef38&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Jan 2025 04:29:23 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: keep-alive
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/1121b586-8090-48ac-b05c-0b3a17eae791/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=325a436e-1c33-44e7-a677-512f3a856bcd&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/1121b586-8090-48ac-b05c-0b3a17eae791/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=325a436e-1c33-44e7-a677-512f3a856bcd&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Jan 2025 04:29:23 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 55
    Connection: keep-alive
    Access-Control-Allow-Methods: OPTIONS, GET, POST
    Age: 0
    Cache-Control: no-cache
    Accept-Ranges: bytes
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/1121b586-8090-48ac-b05c-0b3a17eae791/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e77f0a86-fde2-487a-89fd-96b85e56097d&tt=0&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/1121b586-8090-48ac-b05c-0b3a17eae791/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e77f0a86-fde2-487a-89fd-96b85e56097d&tt=0&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Jan 2025 04:27:16 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 45
    Connection: keep-alive
    Cache-Control: no-cache
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/1121b586-8090-48ac-b05c-0b3a17eae791/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f03af06a-17bd-4ad2-9409-a9be001d110a&tr=42&tt=17374336361651817&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/1121b586-8090-48ac-b05c-0b3a17eae791/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f03af06a-17bd-4ad2-9409-a9be001d110a&tr=42&tt=17374336361651817&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Jan 2025 04:27:18 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 1859
    Connection: keep-alive
    Cache-Control: no-cache
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/1121b586-8090-48ac-b05c-0b3a17eae791/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=ffb14ac1-a380-4d64-a417-f8666ed78841&tr=42&tt=17374336386371029&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/1121b586-8090-48ac-b05c-0b3a17eae791/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=ffb14ac1-a380-4d64-a417-f8666ed78841&tr=42&tt=17374336386371029&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Jan 2025 04:28:36 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 45
    Connection: keep-alive
    Cache-Control: no-cache
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/1121b586-8090-48ac-b05c-0b3a17eae791/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=bfb7112e-5deb-4bf0-b561-fd15e633ff44&tr=42&tt=17374336386371029&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/1121b586-8090-48ac-b05c-0b3a17eae791/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=bfb7112e-5deb-4bf0-b561-fd15e633ff44&tr=42&tt=17374336386371029&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Jan 2025 04:28:38 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 45
    Connection: keep-alive
    Cache-Control: no-cache
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
  • flag-de
    GET
    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/1121b586-8090-48ac-b05c-0b3a17eae791/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=93f86205-3a11-48b9-bff5-95e5c9f440d8&tr=42&tt=17374336386371029&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    AteraAgent.exe
    Remote address:
    35.157.63.228:443
    Request
    GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/1121b586-8090-48ac-b05c-0b3a17eae791/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=93f86205-3a11-48b9-bff5-95e5c9f440d8&tr=42&tt=17374336386371029&uuid=1121b586-8090-48ac-b05c-0b3a17eae791 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
  • flag-us
    DNS
    ps.atera.com
    AteraAgent.exe
    Remote address:
    8.8.8.8:53
    Request
    ps.atera.com
    IN A
    Response
    ps.atera.com
    IN CNAME
    d25btwd9wax8gu.cloudfront.net
    d25btwd9wax8gu.cloudfront.net
    IN A
    3.165.136.45
    d25btwd9wax8gu.cloudfront.net
    IN A
    3.165.136.99
    d25btwd9wax8gu.cloudfront.net
    IN A
    3.165.136.91
    d25btwd9wax8gu.cloudfront.net
    IN A
    3.165.136.42
  • flag-fr
    GET
    https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/38.9/AgentPackageAgentInformation.zip?jprRs5LIdA0UNKEIEaR0nWcTfC1sFr83TtZeBd5AdfcoRpAa2lP1Mwy81kCIXlNo
    AteraAgent.exe
    Remote address:
    3.165.136.45:443
    Request
    GET /agentpackagesnet45/AgentPackageAgentInformation/38.9/AgentPackageAgentInformation.zip?jprRs5LIdA0UNKEIEaR0nWcTfC1sFr83TtZeBd5AdfcoRpAa2lP1Mwy81kCIXlNo HTTP/1.1
    Host: ps.atera.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Content-Length: 392705
    Connection: keep-alive
    Content-MD5: InI9MK2XWjOhKKIMr9tmhA==
    Last-Modified: Mon, 20 Jan 2025 15:32:16 GMT
    ETag: 0x8DD39679F007D26
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 94c0104f-201e-0018-3f51-6ba2ad000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 Jan 2025 15:41:34 GMT
    X-Cache: Hit from cloudfront
    Via: 1.1 ee4bf60e5de76fd95c22ec9a88f5625e.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: CDG52-P3
    X-Amz-Cf-Id: CsaExh2ALRZTh4kVYVFAzYYnaudWnIaOAdS40A1O3Evhw6OMDltusA==
    Age: 45944
  • flag-us
    DNS
    crt.rootg2.amazontrust.com
    AteraAgent.exe
    Remote address:
    8.8.8.8:53
    Request
    crt.rootg2.amazontrust.com
    IN A
    Response
    crt.rootg2.amazontrust.com
    IN A
    3.164.163.127
    crt.rootg2.amazontrust.com
    IN A
    3.164.163.59
    crt.rootg2.amazontrust.com
    IN A
    3.164.163.90
    crt.rootg2.amazontrust.com
    IN A
    3.164.163.87
  • flag-fr
    GET
    http://crt.rootg2.amazontrust.com/rootg2.cer
    AteraAgent.exe
    Remote address:
    3.164.163.127:80
    Request
    GET /rootg2.cer HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: crt.rootg2.amazontrust.com
    Response
    HTTP/1.1 200 OK
    Content-Type: binary/octet-stream
    Content-Length: 1145
    Connection: keep-alive
    Last-Modified: Thu, 16 Jan 2025 01:44:58 GMT
    x-amz-server-side-encryption: AES256
    x-amz-version-id: HsSi.kG5CSeE8N6EhxREKWGwDzNGQrXl
    Accept-Ranges: bytes
    Server: AmazonS3
    Date: Tue, 21 Jan 2025 03:52:06 GMT
    ETag: "c6150925cfea5941ddc7ff2a0a506692"
    X-Cache: Hit from cloudfront
    Via: 1.1 fd18baafadec0908f0d8ee9569158eaa.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: CDG55-P3
    X-Amz-Cf-Id: c8MwaaUTO5Tv2B8BZ-IGBEBQvYUNMEgFpD9y8-Gq2eQ58xmCHBY_rw==
    Age: 2112
  • flag-us
    DNS
    agent-api.atera.com
    AteraAgent.exe
    Remote address:
    8.8.8.8:53
    Request
    agent-api.atera.com
    IN A
    Response
    agent-api.atera.com
    IN CNAME
    agentsapi.trafficmanager.net
    agentsapi.trafficmanager.net
    IN CNAME
    atera-agent-api-eu.westeurope.cloudapp.azure.com
    atera-agent-api-eu.westeurope.cloudapp.azure.com
    IN A
    40.119.152.241
  • flag-us
    DNS
    crl.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    crl.microsoft.com
    IN A
    Response
    crl.microsoft.com
    IN CNAME
    crl.www.ms.akadns.net
    crl.www.ms.akadns.net
    IN CNAME
    a1363.dscg.akamai.net
    a1363.dscg.akamai.net
    IN A
    2.19.252.157
    a1363.dscg.akamai.net
    IN A
    2.19.252.143
  • flag-gb
    GET
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    Remote address:
    2.19.252.157:80
    Request
    GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: crl.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1036
    Content-Type: application/octet-stream
    Content-MD5: +oTkvMkqpdtzWrUHEQQM3g==
    Last-Modified: Thu, 12 Dec 2024 00:06:56 GMT
    ETag: 0x8DD1A40E476D877
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 4de8ec0b-c01e-0047-3936-4c3cb1000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 21 Jan 2025 04:27:25 GMT
    Connection: keep-alive
  • flag-gb
    GET
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    Remote address:
    95.100.245.144:80
    Request
    GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Sun, 18 Aug 2024 00:23:49 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: www.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1078
    Content-Type: application/octet-stream
    Content-MD5: HqJzZuA065RHozzmOcAUiQ==
    Last-Modified: Tue, 14 Jan 2025 20:41:31 GMT
    ETag: 0x8DD34DBD43549F4
    x-ms-request-id: 52abe94e-a01e-006e-46ca-6602c5000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 21 Jan 2025 04:27:25 GMT
    Connection: keep-alive
    TLS_version: UNKNOWN
    ms-cv: CASMicrosoftCV318d190c.0
    ms-cv-esi: CASMicrosoftCV318d190c.0
    X-RTag: RT
  • flag-us
    DNS
    agent-api.atera.com
    AteraAgent.exe
    Remote address:
    8.8.8.8:53
    Request
    agent-api.atera.com
    IN A
    Response
    agent-api.atera.com
    IN CNAME
    agentsapi.trafficmanager.net
    agentsapi.trafficmanager.net
    IN CNAME
    atera-agent-api-eu.westeurope.cloudapp.azure.com
    atera-agent-api-eu.westeurope.cloudapp.azure.com
    IN A
    40.119.152.241
  • flag-us
    DNS
    agent-api.atera.com
    AteraAgent.exe
    Remote address:
    8.8.8.8:53
    Request
    agent-api.atera.com
    IN A
    Response
    agent-api.atera.com
    IN CNAME
    agentsapi.trafficmanager.net
    agentsapi.trafficmanager.net
    IN CNAME
    atera-agent-api-eu.westeurope.cloudapp.azure.com
    atera-agent-api-eu.westeurope.cloudapp.azure.com
    IN A
    40.119.152.241
  • 40.119.152.241:443
    agent-api.atera.com
    tls
    rundll32.exe
    735 B
    5.0kB
    9
    8
  • 40.119.152.241:443
    agent-api.atera.com
    tls
    rundll32.exe
    735 B
    5.0kB
    9
    8
  • 40.119.152.241:443
    agent-api.atera.com
    tls
    AteraAgent.exe
    735 B
    5.0kB
    9
    8
  • 40.119.152.241:443
    agent-api.atera.com
    tls
    AteraAgent.exe
    767 B
    5.0kB
    9
    8
  • 40.119.152.241:443
    agent-api.atera.com
    tls
    AteraAgent.exe
    767 B
    5.0kB
    9
    8
  • 35.157.63.228:443
    https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/1121b586-8090-48ac-b05c-0b3a17eae791/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=325a436e-1c33-44e7-a677-512f3a856bcd&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    tls, http
    AteraAgent.exe
    3.9kB
    9.8kB
    27
    29

  • 35.157.63.228:443
    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/1121b586-8090-48ac-b05c-0b3a17eae791/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=93f86205-3a11-48b9-bff5-95e5c9f440d8&tr=42&tt=17374336386371029&uuid=1121b586-8090-48ac-b05c-0b3a17eae791
    tls, http
    AteraAgent.exe
    3.4kB
    10.0kB
    21
    28

  • 40.119.152.241:443
    agent-api.atera.com
    tls
    AteraAgent.exe
    773 B
    5.2kB
    9
    9
  • 3.165.136.45:443
    https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/38.9/AgentPackageAgentInformation.zip?jprRs5LIdA0UNKEIEaR0nWcTfC1sFr83TtZeBd5AdfcoRpAa2lP1Mwy81kCIXlNo
    tls, http
    AteraAgent.exe
    7.8kB
    411.6kB
    157
    304

    HTTP Request

    GET https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/38.9/AgentPackageAgentInformation.zip?jprRs5LIdA0UNKEIEaR0nWcTfC1sFr83TtZeBd5AdfcoRpAa2lP1Mwy81kCIXlNo

    HTTP Response

    200
  • 3.164.163.127:80
    http://crt.rootg2.amazontrust.com/rootg2.cer
    http
    AteraAgent.exe
    366 B
    1.9kB
    5
    4

    HTTP Request

    GET http://crt.rootg2.amazontrust.com/rootg2.cer

    HTTP Response

    200
  • 40.119.152.241:443
    agent-api.atera.com
    tls
    AteraAgent.exe
    819 B
    5.2kB
    10
    9
  • 40.119.152.241:443
    agent-api.atera.com
    tls
    AgentPackageAgentInformation.exe
    787 B
    5.2kB
    10
    9
  • 40.119.152.241:443
    agent-api.atera.com
    tls
    AgentPackageAgentInformation.exe
    819 B
    5.2kB
    10
    9
  • 2.19.252.157:80
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    http
    451 B
    1.7kB
    5
    5

    HTTP Request

    GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

    HTTP Response

    200
  • 95.100.245.144:80
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    http
    393 B
    1.7kB
    4
    4

    HTTP Request

    GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

    HTTP Response

    200
  • 40.119.152.241:443
    agent-api.atera.com
    tls
    AteraAgent.exe
    767 B
    5.0kB
    9
    8
  • 40.119.152.241:443
    agent-api.atera.com
    tls
    AgentPackageAgentInformation.exe
    767 B
    5.0kB
    9
    8
  • 40.119.152.241:443
    agent-api.atera.com
    tls
    AgentPackageAgentInformation.exe
    773 B
    5.2kB
    9
    9
  • 8.8.8.8:53
    agent-api.atera.com
    dns
    AteraAgent.exe
    65 B
    182 B
    1
    1

    DNS Request

    agent-api.atera.com

    DNS Response

    40.119.152.241

  • 8.8.8.8:53
    www.microsoft.com
    dns
    AteraAgent.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    95.100.245.144

  • 8.8.8.8:53
    ps.pndsn.com
    dns
    AteraAgent.exe
    58 B
    90 B
    1
    1

    DNS Request

    ps.pndsn.com

    DNS Response

    35.157.63.228
    35.157.63.229

  • 8.8.8.8:53
    ps.atera.com
    dns
    AteraAgent.exe
    58 B
    165 B
    1
    1

    DNS Request

    ps.atera.com

    DNS Response

    3.165.136.45
    3.165.136.99
    3.165.136.91
    3.165.136.42

  • 8.8.8.8:53
    crt.rootg2.amazontrust.com
    dns
    AteraAgent.exe
    72 B
    136 B
    1
    1

    DNS Request

    crt.rootg2.amazontrust.com

    DNS Response

    3.164.163.127
    3.164.163.59
    3.164.163.90
    3.164.163.87

  • 8.8.8.8:53
    crl.microsoft.com
    dns
    63 B
    162 B
    1
    1

    DNS Request

    crl.microsoft.com

    DNS Response

    2.19.252.157
    2.19.252.143

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Config.Msi\f76a96b.rbs

    Filesize

    8KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog

    Filesize

    753B

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

    Filesize

    142KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config

    Filesize

    1KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll

    Filesize

    210KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll

    Filesize

    693KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI

    Filesize

    12B

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

    Filesize

    248KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config

    Filesize

    546B

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll

    Filesize

    688KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\log.txt

    Filesize

    23KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll

    Filesize

    588KB

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt

    Filesize

    229B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

    Filesize

    471B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

    Filesize

    727B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

    Filesize

    727B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

    Filesize

    400B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

    Filesize

    404B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

    Filesize

    412B

  • C:\Users\Admin\AppData\Local\Temp\Cab8A57.tmp

    Filesize

    70KB

  • C:\Users\Admin\AppData\Local\Temp\Tar8B54.tmp

    Filesize

    181KB

  • C:\Windows\Installer\MSIA9C9.tmp

    Filesize

    509KB

  • C:\Windows\Installer\MSIACB6.tmp-\CustomAction.config

    Filesize

    1KB

  • C:\Windows\Installer\MSIBF40.tmp

    Filesize

    211KB

  • C:\Windows\Installer\f76a969.msi

    Filesize

    2.9MB

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

    Filesize

    1KB

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

  • C:\Windows\Temp\CabD4EB.tmp

    Filesize

    29KB

  • C:\Windows\Temp\TarD4FE.tmp

    Filesize

    81KB

  • \Windows\Installer\MSIA9C9.tmp-\AlphaControlAgentInstallation.dll

    Filesize

    25KB

  • \Windows\Installer\MSIA9C9.tmp-\Microsoft.Deployment.WindowsInstaller.dll

    Filesize

    179KB

  • \Windows\Installer\MSIACB6.tmp-\Newtonsoft.Json.dll

    Filesize

    695KB
