Overview

overview

10

Static

static

10

z65NF-E.msi

windows7-x64

10

z65NF-E.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24/01/2025, 15:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    z65NF-E.msi

  • Size

    2.9MB

  • MD5

    7c2346e58afd0cc0337fc935cd41d9c4

  • SHA1

    32189bee035e465d2df8bb15c5d168f8eff6f187

  • SHA256

    9219d0815a0320d65356c84003ea6d80935ebf855d2b7fbda79c4f38057a1e78

  • SHA512

    b7267d28ec63ce3b3a2bd247094bf1a4cc8891549a4d43f8875ba1e37f97f3a1a6bddcbc8f9be009fc12a3836dd9d759394ec5a38ef87c8425990d42ce3cb9e2

  • SSDEEP

    49152:M+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:M+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentdiscoverypersistenceprivilege_escalationrat

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 20 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 18 IoCs
  • Drops file in Windows directory 37 IoCs
  • Executes dropped EXE 3 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 35 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\z65NF-E.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2128
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding B603C28512F1E1CF81A35EDB99CE271C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:760
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI9B57.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259431441 1 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1524
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI9E93.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259432111 5 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:3016
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIAE6C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259436183 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1736
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIB98A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259438975 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2060
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 56B2D7FC188942AD81A4180330C4DB24 M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Windows\syswow64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2604
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2680
      • C:\Windows\syswow64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        PID:2600
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Pps1uIAB" /AgentId="e2183963-0318-4533-b66d-2a9bf7eefe09"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:2964
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2656
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005DC" "00000000000003CC"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:332
  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
      2⤵
      • Launches sc.exe
      PID:1852
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" e2183963-0318-4533-b66d-2a9bf7eefe09 "b2b506ef-55c4-422b-8013-3b0228d1acd4" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Pps1uIAB
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:2852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f769abb.rbs
    Filesize

    8KB

    MD5

    fa585ebc8bb0588a4ffcf24a62041412

    SHA1

    2f8a51feeb69c32d02f17e66a2695aa775c1e60d

    SHA256

    834a184ee49ae16b8f355cf5dff63649387cf260429b63de4e158a164e142e95

    SHA512

    5d9c184a1455f1daeaf5c1d0fcd4f006cf71601c4b58f93dd125f2e3f3b5df8ace96ec93b3db9e9e185899584ee29960a9c51ec33167088f6e589ba0f74e5971

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
    Filesize

    753B

    MD5

    8298451e4dee214334dd2e22b8996bdc

    SHA1

    bc429029cc6b42c59c417773ea5df8ae54dbb971

    SHA256

    6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

    SHA512

    cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    Filesize

    142KB

    MD5

    477293f80461713d51a98a24023d45e8

    SHA1

    e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

    SHA256

    a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

    SHA512

    23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
    Filesize

    1KB

    MD5

    b3bb71f9bb4de4236c26578a8fae2dcd

    SHA1

    1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

    SHA256

    e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

    SHA512

    fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
    Filesize

    210KB

    MD5

    c106df1b5b43af3b937ace19d92b42f3

    SHA1

    7670fc4b6369e3fb705200050618acaa5213637f

    SHA256

    2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

    SHA512

    616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
    Filesize

    693KB

    MD5

    2c4d25b7fbd1adfd4471052fa482af72

    SHA1

    fd6cd773d241b581e3c856f9e6cd06cb31a01407

    SHA256

    2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

    SHA512

    f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
    Filesize

    12B

    MD5

    1e065e191e89cc811ff49c96fa8fa5e6

    SHA1

    bc50ff2a20a8b83683583684fcac640a91689ed4

    SHA256

    d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

    SHA512

    5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
    Filesize

    247KB

    MD5

    aa5cf64d575b7544eefd77f256c4dc57

    SHA1

    bd23989db4f9af0aae34d032e817d802c06ca5a9

    SHA256

    79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

    SHA512

    774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
    Filesize

    546B

    MD5

    158fb7d9323c6ce69d4fce11486a40a1

    SHA1

    29ab26f5728f6ba6f0e5636bf47149bd9851f532

    SHA256

    5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

    SHA512

    7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
    Filesize

    94KB

    MD5

    c69c7690482c75a8fc70df2990d7afc6

    SHA1

    79d72d32a03151823bbf0953d5c2ce6bc2bde4b1

    SHA256

    580415595e5936d5f3945e9eeee63f6f4dbacd327aa46e2b7625b638715c27f5

    SHA512

    ed80ade3519345552ca74958efc9c122de840d2844baa08c94400f15168b6fc25377628a55ed12488ea790aaa40bc5bb77b6586de4f1ecd296902bbe36fba4f4

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
    Filesize

    688KB

    MD5

    111e2e63bccead95bb5ffc53c9282070

    SHA1

    eaae7df21e291aa089bc101b1e265ca202be1225

    SHA256

    9615fe5fe63c48b13ffd8c9bc76170a9ed1cfea6a3d0901e857a1c6c6edaea76

    SHA512

    ffc818615fb30e24633c90b8f5a55c100b5f307414ec54e5a2914bb4ea36d3fb3aa6ed0e5815976a2f6d1b7f056e7da1f108a8eed81b458decebe721ad30b920

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\log.txt
    Filesize

    23KB

    MD5

    20f49819d9718053db2c321551c43891

    SHA1

    de2335521b28bf168184c932edcf4dcb1b8adb59

    SHA256

    052a7aa1d2c370fd6bb264f04906dd2b614d3d6e8eada3a116f09b52c525b842

    SHA512

    d506e1ee946332a8b7500db23b4e8fbc7ed83b9fd2e2fd734d7103e135726bd96b6e431e1892aeff5606092769e8725f2fe17797b59fb95b2ea331a1b5aecc12

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
    Filesize

    588KB

    MD5

    17d74c03b6bcbcd88b46fcc58fc79a0d

    SHA1

    bc0316e11c119806907c058d62513eb8ce32288c

    SHA256

    13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

    SHA512

    f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
    Filesize

    225B

    MD5

    f2ce83902d45e4170c37cbbeb75cd07a

    SHA1

    6470859853b47d24f815139ef6fabc9e43b21dd9

    SHA256

    7c183b6a36adf8dad9712399160f379aaae38152c803f9c0e0c962d913ec0095

    SHA512

    8eb267ef23e3292fe6c252a3c6a78c1cc63648fac9cef2529541b94e1dcfe967343beb7c58c26fedc83eea027d1d50d221c8caf0b0363dd7fbe1d1fec8ae6709

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    471B

    MD5

    b37eee2552522d51b5d8045e6397c56a

    SHA1

    df7cede952d9088326533e0675f9af3a0412cb2e

    SHA256

    2f47246e72e3f6cc3e5172cc555fbf2bf4a018653a8b0f7ef36a437a149c2c88

    SHA512

    189c7961e872c9001c5decf65113076adb7b3b76a43d047d34308b61082e0b59aa90182c3f53e87432233e731259bb590a0ef18f3ab173da7212d9b5ba701a97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    727B

    MD5

    e10202b6ab0b7420d6e690fb0b5f855d

    SHA1

    3a9f90af05c5e932c67aef0beb35464e99713991

    SHA256

    1063967df0b5d68609eb4da57043fce6fcde597f420e401ac009ee5378db88f6

    SHA512

    23bb38b05986566e73d59db162a4d8b1f9aa0396aa996f0f675f9dd29ec0835e930b1346d1315119a82903aa8db7318c5da164cd5cb26c847991c1c1ea05eee7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    727B

    MD5

    b56ef82c98008d1730d873e5b1216f0d

    SHA1

    7932ff198c39e5ca5d46d513e22c7907e8282fd4

    SHA256

    b7a65caf0de8c757ba1d28eae861fcbd0e5bdf53fea7af1d25260edcd523eaf5

    SHA512

    aebf1a3c7d6b4a5b18aca73b073a15d00b0a3ae1de756e827e85833a6d96ca78e13778577869be4cb0f6d10cfb6a1409205920030fb4ed0fe45c14446d4e9a60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    400B

    MD5

    2543d39ec7ac9b8b4b0da67b794bdcea

    SHA1

    b6832704e6d865610834436a338a82ebd8878322

    SHA256

    1eb4bc0ab047adf29d0306a03d79e4ae4599f1bded4f60e4d62789ea3371bc2e

    SHA512

    0ba773af7d29768e14a993c3d63a5c56fc590c9da2628537a2af67a4a476376fa016686bb6429b01271facb4f6cb0686569aebdcccd3591a364f8808d9598f0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    404B

    MD5

    8d54d22ca524d822a585553618c7f371

    SHA1

    d3f4c7a02ba7bbc20be1ce8efe098aa063d466b4

    SHA256

    a07a64b58daa7965c7779c0800ad682df12f35898b3679b1e7f2e9700ad2b87c

    SHA512

    3348fa27581a375cfcf0937fc57eb51a6a32ee999364775aba999d8dddc030c65a6d041bbe5d9bf8c95dd5d5f3a4eaf75d6678273af28cb2845bcc77a06da93b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54642dbcee12d9a0be80aeb043abe593

    SHA1

    0af1267534f797e755e55edf6ae19dd88a030634

    SHA256

    88ceb59131f14b3d6cdddb335715da2553cc2ed026fae273b0e462cf8d8d7a82

    SHA512

    3d8748f1a8a1e2dbebb78e944d70ab970beed291a11feb34e0c9dcdd8c773bde97f732f7bb830f803360c481befc80c45b820890f111cd472c90f1d8c970b243

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    323121780ade95ee6b53960df0823df2

    SHA1

    4d825414aa0c9c409a0e087c9983726f8ebf47ed

    SHA256

    20dfa5233935252ad1576b213cdc540ee9317fdd8fa9dae48bb413dd8bc9d21e

    SHA512

    2678936dc0940efe1a4f1f8b0a42e1d748ddd7f9b8cd8aabff6ae20e14f36481628c40150d81fe5b04d05af2e3d8c83146453c39d8d15c654662ac30734bd18a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    412B

    MD5

    3001642017ee89e5099d01253f99f047

    SHA1

    95eac03153773e30518c8bf3651f32fd1c78b8db

    SHA256

    54295dc554cc7d1abfe5291c01fcd37955a5b116f9fc566c034809600f4078ff

    SHA512

    776a11e1ad2bdd4204d1ee57a6d5dfc096f1ca4292c698c1d424cec629003fb0688ec1a7197c5bc8e7804911f258130139d4655798b625d32e6ae36611be9c55

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab788C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7969.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\Installer\MSI9B57.tmp
    Filesize

    509KB

    MD5

    88d29734f37bdcffd202eafcdd082f9d

    SHA1

    823b40d05a1cab06b857ed87451bf683fdd56a5e

    SHA256

    87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

    SHA512

    1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

    Download Submit

  • C:\Windows\Installer\MSI9E93.tmp-\CustomAction.config
    Filesize

    1KB

    MD5

    bc17e956cde8dd5425f2b2a68ed919f8

    SHA1

    5e3736331e9e2f6bf851e3355f31006ccd8caa99

    SHA256

    e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

    SHA512

    02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

    Download Submit

  • C:\Windows\Installer\MSI9E93.tmp-\Newtonsoft.Json.dll
    Filesize

    695KB

    MD5

    715a1fbee4665e99e859eda667fe8034

    SHA1

    e13c6e4210043c4976dcdc447ea2b32854f70cc6

    SHA256

    c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

    SHA512

    bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

    Download Submit

  • C:\Windows\Installer\MSIB013.tmp
    Filesize

    211KB

    MD5

    a3ae5d86ecf38db9427359ea37a5f646

    SHA1

    eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

    SHA256

    c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

    SHA512

    96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

    Download Submit

  • C:\Windows\Installer\f769ab9.msi
    Filesize

    2.9MB

    MD5

    7c2346e58afd0cc0337fc935cd41d9c4

    SHA1

    32189bee035e465d2df8bb15c5d168f8eff6f187

    SHA256

    9219d0815a0320d65356c84003ea6d80935ebf855d2b7fbda79c4f38057a1e78

    SHA512

    b7267d28ec63ce3b3a2bd247094bf1a4cc8891549a4d43f8875ba1e37f97f3a1a6bddcbc8f9be009fc12a3836dd9d759394ec5a38ef87c8425990d42ce3cb9e2

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    082930b0aedc521654b288ca08e9e748

    SHA1

    e6e4c67965e856c074fb3cf644ad06f0b225d491

    SHA256

    8d9993c2162c71de1a7f0b612abe6c51319d8e1d174e731b633bc22f7dce3456

    SHA512

    749bf225c0505c29dbcc0ba7a22db098168c18f9bbc6cfd349f5c688ff940d1c843e6a72bafd6f47a01b62fde32a8290ce23dfd864f129796d72355d1f7ac629

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    303f5f4861f030671fd79b2946ed84f1

    SHA1

    5ff4005e3ffc70b4af799cde676b5a4bad6b366b

    SHA256

    87fe0bf4eaa69a8aa13985f57c8741b4013460228e651a443658d5f613d2c7a7

    SHA512

    20b9ea0e4b136f3987524df00747378fa852b9b7acdb070e67259f472e96f05f3ed7b76811904b069667af3fe53777f07f76628b9eb8b29d6bd2842550a171e2

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e88f62ddf6ef7a334b481be2b586e6d8

    SHA1

    6c9afb451abf11f450561672c707e14f027a51a7

    SHA256

    adf26c9231953795d4f3ed91b766e49dfd76d14080f78b20ffecc2ea7123eb72

    SHA512

    fe399e0ab168c3f9191dbb83a159fca1c130048dd511817be8cd67a2962ef635e90c66a52d3811ac4415727885ac79e890b89608fd517db54032e8a6440d15de

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0fcacc1a95f970515e8e9ebe86d4ea01

    SHA1

    7a0a044b653def3525e516ea80bf457f15f9656e

    SHA256

    37851abbcb3a7afae2f9c39006909c8bd27595a445cf865312a0277b98aea661

    SHA512

    39dcdb5e6314666218654538e3eca4016567426d0e7a7495c2a1ef3070649ce373b94884982725789acf623a4b7e8d79c00419cd527c58d52d7bad789d8d0d42

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c93c8c36b4945fe62518d4d1097d5004

    SHA1

    2aa5b842a1b1534e10be769818b70177d0c1db21

    SHA256

    da6d8646d497b94daa2c097dee009e5f6f763b70fd70e6cc94294bb72d488d26

    SHA512

    be4668b669022e2c95625553857f8747380a8f847b186da97f8d1785d62dbd9cd1b5e7b6d6df54858b5150ca7487e8f9dfc9927b967bb077782e0d97e690e356

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    463dd1baffd0aaa64bcae1f76f4246f0

    SHA1

    c42d6c22993ec92bde50cacebad4c896b2003d5f

    SHA256

    fdaab5b3c2af0aaabbf0ff51155ad4eb5683f942d2bbf29870064b976a41f3d5

    SHA512

    b455ba3a562ab58fb7197d473137f37d66f712f62b61673ff9905ac48162d81936b51ad0a1e8608cf164e967d546101dcdb8d8a5fc35e633121a69a9d08de3e8

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a578f35ead3c549b126dfd0f64e77f3b

    SHA1

    539d90136e23b80ed9f7987cb5b9b13ff1938336

    SHA256

    cfa04bd26609c6b5253d7a844a9e48050988b713b35e6f105c5c1e306bea40d4

    SHA512

    b72585d565919f791f1e59dd40f46688162dc4b85e7ceafd08e47cd2a728ba1b898e52350061ccc662923a083b1a4d2a2bc2673f47697ad9ac2f22583ae37844

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27f418b9d25cc96c9c39e520c69363c9

    SHA1

    4dc27e375134b48bc7ff9b9f087a446c538ac653

    SHA256

    8a95a6427b7fb729bdc1f3217a6b0033b92f38a7cb05f2bfc751b0550fe286d1

    SHA512

    7b15828e671698269e74b9b1b0efb38e6f1d6cab1d48a7475796e22fe0d3684b264ed3b2178f4e4ab2306362c55e96fa3b845746f9453170454b6d3390b4b5f8

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c770bb30b72af601c0b86cdff29b5fee

    SHA1

    41d45f306412f0264c5b4919cd3b278ca2f3ad92

    SHA256

    294d0dc9d46cf302091210cd435b192066fc49aef62be6a4556bf0910a645d23

    SHA512

    7ef86a38a5b363edb3ec9057ee0dab6fe0ed83dc8fa016cb8bcec5add124106df93b5410f5ca2d78267c54075822b81d1c1753d4bb0d7b0194ad9b6c5aa95843

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e00772fb9080c5d6fd7bd2e1722f696

    SHA1

    d91a1cba921635db26e04d92e9a79614b23492c9

    SHA256

    098ccd915cdbdf9fa11f38f7e01dbe26d51b0b9ff271d26cfb9bca1dbf9837f9

    SHA512

    66a3422829cb45bb720b64c6de64981d24c1bd67ef86aeb36ea8fea50ab0d0fb12d109d7e18c46eaae095973e94486c454cb7c7e5b1b3cc08656243be5222531

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30ba5cf9318327ef7e417130f1547ceb

    SHA1

    6fe167a8a0e58379646ecd656b580ce34c969405

    SHA256

    d04c596f17d10ff272241834051b962812fa6d36ce5281a9aca71aef211f10de

    SHA512

    0d5684eefbec62d831b41bec5ad5237110af6c360ee571223156ba9fb18c34d9850aa8ca4c4f6cd2620c3a6d41a1f13d597edf8abc8b451fec6da08ee4cab8f8

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    dffd5131f18b1357e2cfcd836acecb8a

    SHA1

    373e304260c747d02c922f315b78f367230bcc7a

    SHA256

    457eddbb2ce0aad2e18d3f98979de66ab5e39f80f691ee75cb9faac3ee7b1572

    SHA512

    133ae18f6547a3370f4ff6dd74959837f6c08d376b824007aebdeaecc12fc50ce762f3759fb505c802e8af3eb115f2cbc843624f624518c513a348fc170b3af7

    Download Submit

  • C:\Windows\Temp\CabC63C.tmp
    Filesize

    29KB

    MD5

    d59a6b36c5a94916241a3ead50222b6f

    SHA1

    e274e9486d318c383bc4b9812844ba56f0cff3c6

    SHA256

    a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

    SHA512

    17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

    Download Submit

  • C:\Windows\Temp\TarC64E.tmp
    Filesize

    81KB

    MD5

    b13f51572f55a2d31ed9f266d581e9ea

    SHA1

    7eef3111b878e159e520f34410ad87adecf0ca92

    SHA256

    725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

    SHA512

    f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

    Download Submit

  • \Windows\Installer\MSI9B57.tmp-\AlphaControlAgentInstallation.dll
    Filesize

    25KB

    MD5

    aa1b9c5c685173fad2dabebeb3171f01

    SHA1

    ed756b1760e563ce888276ff248c734b7dd851fb

    SHA256

    e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

    SHA512

    d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

    Download Submit

  • \Windows\Installer\MSI9B57.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Filesize

    179KB

    MD5

    1a5caea6734fdd07caa514c3f3fb75da

    SHA1

    f070ac0d91bd337d7952abd1ddf19a737b94510c

    SHA256

    cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

    SHA512

    a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

    Download Submit

  • memory/1524-72-0x00000000004A0000-0x00000000004CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1524-76-0x00000000004D0000-0x00000000004DC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1676-295-0x000000001A790000-0x000000001A842000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1676-1254-0x0000000019C10000-0x0000000019C48000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2060-305-0x0000000000390000-0x00000000003BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2060-313-0x00000000047D0000-0x0000000004882000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2060-309-0x00000000003F0000-0x00000000003FC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2852-1363-0x0000000000350000-0x0000000000392000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2852-1366-0x0000000000B50000-0x0000000000C00000-memory.dmp

    Filesize

    704KB

    Download

  • memory/2852-1368-0x00000000003C0000-0x00000000003DC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2964-245-0x000000001A660000-0x000000001A6F8000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2964-233-0x0000000000A80000-0x0000000000AA8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3016-109-0x0000000004B50000-0x0000000004C02000-memory.dmp

    Filesize

    712KB

    Download

  • memory/3016-105-0x0000000000BB0000-0x0000000000BBC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3016-101-0x0000000000B20000-0x0000000000B4E000-memory.dmp

    Filesize

    184KB

    Download