Analysis

  • max time kernel
    93s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    27/01/2025, 20:32 UTC

General

  • Target

    acrobat.msi

  • Size

    2.9MB

  • MD5

    c23d2701fc5830505ea5396018b22cd7

  • SHA1

    d1a34893e880cc7553a2d46473f713620ea40455

  • SHA256

    95f69504eecf1d05ec672e8fe8c0f83ab276c98f2a6af700be2351c0d32b63f3

  • SHA512

    96c3f53c867b62013539ce2420e88aab48024621c82a2003aa558eb3ab115f0950e6b8efa35d1af291ad1a4054706663bc3b52c037c06407ed2e22199a32a92b

  • SSDEEP

    49152:k+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:k+lUlz9FKbsodq0YaH7ZPxMb8tT

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

  • Ateraagent family
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 4 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 14 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 17 IoCs
  • Drops file in Windows directory 35 IoCs
  • Executes dropped EXE 4 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Loads dropped DLL 31 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 1 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 37 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\acrobat.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3468
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3996
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:1668
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 373239A23E3F9EAC0E971781C98FB62F
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3640
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIB3EE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240629000 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:548
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIB74B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240629593 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:4488
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIBB34.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240630593 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2980
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIC6D1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240633562 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4288
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 279834BC0522CC6D01711F28A51CD0E0 E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4032
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3476
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
            • System Location Discovery: System Language Discovery
            PID:5004
        • C:\Windows\SysWOW64\TaskKill.exe
          "TaskKill.exe" /f /im AteraAgent.exe
          3⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:5076
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="pauloalbuquerque.consultor@gmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000PryxLIAR" /AgentId="62631a91-876c-45d3-a825-d4c281093e0b"
        2⤵
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:3644
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:388
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
      1⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4316
      • C:\Windows\System32\sc.exe
        "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
        2⤵
        • Launches sc.exe
        PID:3624
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 62631a91-876c-45d3-a825-d4c281093e0b "b3603930-24fe-457d-b930-d5519d14b6b2" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PryxLIAR
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        PID:3572
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 62631a91-876c-45d3-a825-d4c281093e0b "700d3692-c11c-4473-afa2-85f5f9859eef" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PryxLIAR
        2⤵
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        PID:876

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • flag-us
      DNS
      196.249.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      196.249.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      5.114.82.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      5.114.82.104.in-addr.arpa
      IN PTR
      Response
      5.114.82.104.in-addr.arpa
      IN PTR
      a104-82-114-5.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      23.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      228.249.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      228.249.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.18.192.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.18.192.23.in-addr.arpa
      IN PTR
      Response
      9.18.192.23.in-addr.arpa
      IN PTR
      a23-192-18-9.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      agent-api.atera.com
      AgentPackageAgentInformation.exe
      Remote address:
      8.8.8.8:53
      Request
      agent-api.atera.com
      IN A
      Response
      agent-api.atera.com
      IN CNAME
      agentsapi.trafficmanager.net
      agentsapi.trafficmanager.net
      IN CNAME
      atera-agent-api-eu.westeurope.cloudapp.azure.com
      atera-agent-api-eu.westeurope.cloudapp.azure.com
      IN A
      40.119.152.241
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/track-event
      rundll32.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/track-event HTTP/1.1
      X-Atera-AccountId: 001Q300000PryxLIAR
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 130
      Expect: 100-continue
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:40 GMT
      Content-Length: 0
      Connection: keep-alive
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-us
      DNS
      241.152.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.152.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      217.106.137.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.106.137.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      agent-api.atera.com
      AgentPackageAgentInformation.exe
      Remote address:
      8.8.8.8:53
      Request
      agent-api.atera.com
      IN A
      Response
      agent-api.atera.com
      IN CNAME
      agentsapi.trafficmanager.net
      agentsapi.trafficmanager.net
      IN CNAME
      atera-agent-api-eu.westeurope.cloudapp.azure.com
      atera-agent-api-eu.westeurope.cloudapp.azure.com
      IN A
      40.119.152.241
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus
      AteraAgent.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/GetEnvironmentStatus HTTP/1.1
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 38
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:44 GMT
      Content-Type: application/json; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/GetRecurringPackages
      AteraAgent.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/GetRecurringPackages HTTP/1.1
      Content-Type: application/x-www-form-urlencoded
      Host: agent-api.atera.com
      Content-Length: 44
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:45 GMT
      Content-Type: application/json; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/AgentStarting
      AteraAgent.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/AgentStarting HTTP/1.1
      Content-Type: application/x-www-form-urlencoded
      Host: agent-api.atera.com
      Content-Length: 98
      Connection: Close
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:45 GMT
      Content-Type: application/json; charset=utf-8
      Transfer-Encoding: chunked
      Connection: close
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/track-event
      rundll32.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/track-event HTTP/1.1
      X-Atera-AccountId: 001Q300000PryxLIAR
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 142
      Expect: 100-continue
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:44 GMT
      Content-Length: 0
      Connection: keep-alive
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/GetCommands
      AteraAgent.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/GetCommands HTTP/1.1
      Content-Type: application/x-www-form-urlencoded
      Host: agent-api.atera.com
      Content-Length: 98
      Connection: Close
      Response
      HTTP/1.1 204 No Content
      Date: Mon, 27 Jan 2025 20:32:45 GMT
      Connection: close
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-us
      DNS
      ps.pndsn.com
      AteraAgent.exe
      Remote address:
      8.8.8.8:53
      Request
      ps.pndsn.com
      IN A
      Response
      ps.pndsn.com
      IN A
      35.157.63.229
      ps.pndsn.com
      IN A
      35.157.63.228
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0e9a8d99-f3d7-4daf-8db6-1ebc598ede5f&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0e9a8d99-f3d7-4daf-8db6-1ebc598ede5f&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Host: ps.pndsn.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:45 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d03818c8-f277-44e4-bc0a-d65cd5f29c0c&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d03818c8-f277-44e4-bc0a-d65cd5f29c0c&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:45 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7cbede2b-254b-4064-8e1b-dcfb0310f7b9&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7cbede2b-254b-4064-8e1b-dcfb0310f7b9&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:45 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=617079dd-e3b7-4379-9463-c2a0250090cb&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=617079dd-e3b7-4379-9463-c2a0250090cb&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:47 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=1432b6f0-e903-476d-bf74-3b635fd4bc22&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=1432b6f0-e903-476d-bf74-3b635fd4bc22&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:33:32 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/62631a91-876c-45d3-a825-d4c281093e0b/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0fc6e1be-ad78-4b44-9d58-721df6ba69ca&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/62631a91-876c-45d3-a825-d4c281093e0b/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0fc6e1be-ad78-4b44-9d58-721df6ba69ca&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:33:32 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Content-Length: 55
      Connection: keep-alive
      Access-Control-Allow-Methods: OPTIONS, GET, POST
      Age: 0
      Cache-Control: no-cache
      Accept-Ranges: bytes
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d2041223-b3d5-4e35-bcbc-1ec5fc59b960&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d2041223-b3d5-4e35-bcbc-1ec5fc59b960&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:34:05 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=93a0c13d-72e9-42fc-bb2a-7f5b23e2c10c&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=93a0c13d-72e9-42fc-bb2a-7f5b23e2c10c&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:34:50 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Connection: keep-alive
      Content-Length: 19
      Cache-Control: no-cache
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/62631a91-876c-45d3-a825-d4c281093e0b/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7c9c75ba-3365-4fb7-af02-32d4a689a4f7&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/62631a91-876c-45d3-a825-d4c281093e0b/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7c9c75ba-3365-4fb7-af02-32d4a689a4f7&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:34:51 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Content-Length: 55
      Connection: keep-alive
      Access-Control-Allow-Methods: OPTIONS, GET, POST
      Age: 0
      Cache-Control: no-cache
      Accept-Ranges: bytes
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b6c75980-4c47-4700-a929-7eec781dbbb9&tt=0&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b6c75980-4c47-4700-a929-7eec781dbbb9&tt=0&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:45 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Content-Length: 45
      Connection: keep-alive
      Cache-Control: no-cache
      Access-Control-Allow-Methods: GET
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a15d0e97-e330-4d99-8cdd-9da5b3535b40&tr=43&tt=17380099654812594&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a15d0e97-e330-4d99-8cdd-9da5b3535b40&tr=43&tt=17380099654812594&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:45 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Content-Length: 1879
      Connection: keep-alive
      Cache-Control: no-cache
      Access-Control-Allow-Methods: GET
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e1db34d4-15cc-444a-8846-612eb905b142&tr=43&tt=17380099658714477&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e1db34d4-15cc-444a-8846-612eb905b142&tr=43&tt=17380099658714477&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:47 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Content-Length: 1869
      Connection: keep-alive
      Cache-Control: no-cache
      Access-Control-Allow-Methods: GET
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=23c58ea0-2037-4455-ac3b-872be50cd308&tr=43&tt=17380099673984591&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=23c58ea0-2037-4455-ac3b-872be50cd308&tr=43&tt=17380099673984591&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:34:05 GMT
      Content-Type: text/javascript; charset="UTF-8"
      Content-Length: 45
      Connection: keep-alive
      Cache-Control: no-cache
      Access-Control-Allow-Methods: GET
      Access-Control-Allow-Credentials: true
      Access-Control-Expose-Headers: *
    • flag-de
      GET
      https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f6b41a49-4eb6-4c35-a3b1-195a03c96d5e&tr=43&tt=17380099673984591&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      AteraAgent.exe
      Remote address:
      35.157.63.229:443
      Request
      GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f6b41a49-4eb6-4c35-a3b1-195a03c96d5e&tr=43&tt=17380099673984591&uuid=62631a91-876c-45d3-a825-d4c281093e0b HTTP/1.1
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/json
      Host: ps.pndsn.com
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
      AteraAgent.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/AcknowledgeCommands HTTP/1.1
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 104
      Connection: Close
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:46 GMT
      Content-Type: application/json; charset=utf-8
      Transfer-Encoding: chunked
      Connection: close
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-us
      DNS
      ps.atera.com
      AteraAgent.exe
      Remote address:
      8.8.8.8:53
      Request
      ps.atera.com
      IN A
      Response
      ps.atera.com
      IN CNAME
      d25btwd9wax8gu.cloudfront.net
      d25btwd9wax8gu.cloudfront.net
      IN A
      99.84.9.56
      d25btwd9wax8gu.cloudfront.net
      IN A
      99.84.9.89
      d25btwd9wax8gu.cloudfront.net
      IN A
      99.84.9.5
      d25btwd9wax8gu.cloudfront.net
      IN A
      99.84.9.72
    • flag-gb
      GET
      https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/39.1/AgentPackageAgentInformation.zip?NC0B8fVIiyUM3YX9Y8oFebsnHpzxslPWmSDw5MukCabp0bRqtoREZe9h8cRaTPg6
      AteraAgent.exe
      Remote address:
      99.84.9.56:443
      Request
      GET /agentpackagesnet45/AgentPackageAgentInformation/39.1/AgentPackageAgentInformation.zip?NC0B8fVIiyUM3YX9Y8oFebsnHpzxslPWmSDw5MukCabp0bRqtoREZe9h8cRaTPg6 HTTP/1.1
      Host: ps.atera.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: application/x-zip-compressed
      Content-Length: 392569
      Connection: keep-alive
      Content-MD5: 9vKXxwT09ME9UPlx2uo7Vg==
      Last-Modified: Sun, 26 Jan 2025 15:00:25 GMT
      ETag: 0x8DD3E1A2A3316C5
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7c2ce6e3-c01e-0000-3d4f-707dca000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 27 Jan 2025 00:08:26 GMT
      X-Cache: Hit from cloudfront
      Via: 1.1 af0ad6fe38e7d108cc69818822aae89c.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: LHR62-C2
      X-Amz-Cf-Id: GXHe_Y9nZhTwHToi3xKEQIwWRVPn677Aclely-9pU3aElp_fESAG8A==
      Age: 73459
    • flag-us
      DNS
      229.63.157.35.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      229.63.157.35.in-addr.arpa
      IN PTR
      Response
      229.63.157.35.in-addr.arpa
      IN PTR
      ec2-35-157-63-229.eu-central-1.compute.amazonaws.com
    • flag-us
      DNS
      56.9.84.99.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.9.84.99.in-addr.arpa
      IN PTR
      Response
      56.9.84.99.in-addr.arpa
      IN PTR
      server-99-84-9-56.lhr62.r.cloudfront.net
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/CommandResult
      AgentPackageAgentInformation.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/CommandResult HTTP/1.1
      X-PackageName: AgentPackageAgentInformation
      X-PackageVersion: 39.1.0.0
      X-AccountId: 001Q300000PryxLIAR
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 468
      Expect: 100-continue
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:47 GMT
      Content-Length: 0
      Connection: keep-alive
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
      AteraAgent.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/AcknowledgeCommands HTTP/1.1
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 104
      Connection: Close
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:47 GMT
      Content-Type: application/json; charset=utf-8
      Transfer-Encoding: chunked
      Connection: close
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-nl
      POST
      https://agent-api.atera.com/Production/Agent/CommandResult
      AgentPackageAgentInformation.exe
      Remote address:
      40.119.152.241:443
      Request
      POST /Production/Agent/CommandResult HTTP/1.1
      X-PackageName: AgentPackageAgentInformation
      X-PackageVersion: 39.1.0.0
      X-AccountId: 001Q300000PryxLIAR
      Content-Type: application/json
      Host: agent-api.atera.com
      Content-Length: 468
      Expect: 100-continue
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 27 Jan 2025 20:32:47 GMT
      Content-Length: 0
      Connection: keep-alive
      Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
    • flag-us
      DNS
      56.163.245.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.163.245.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      133.130.81.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.130.81.91.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      48.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      48.229.111.52.in-addr.arpa
      IN PTR
      Response
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/track-event
      tls, http
      rundll32.exe
      1.1kB
      5.5kB
      9
      9

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/track-event

      HTTP Response

      200
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/AgentStarting
      tls, http
      AteraAgent.exe
      2.2kB
      28.4kB
      23
      33

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus

      HTTP Response

      200

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/GetRecurringPackages

      HTTP Response

      200

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/AgentStarting

      HTTP Response

      200
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/track-event
      tls, http
      rundll32.exe
      1.1kB
      5.5kB
      9
      9

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/track-event

      HTTP Response

      200
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/GetCommands
      tls, http
      AteraAgent.exe
      1.1kB
      5.5kB
      10
      12

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/GetCommands

      HTTP Response

      204
    • 35.157.63.229:443
      https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/62631a91-876c-45d3-a825-d4c281093e0b/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7c9c75ba-3365-4fb7-af02-32d4a689a4f7&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      tls, http
      AteraAgent.exe
      3.7kB
      9.5kB
      29
      29

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0e9a8d99-f3d7-4daf-8db6-1ebc598ede5f&uuid=62631a91-876c-45d3-a825-d4c281093e0b

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d03818c8-f277-44e4-bc0a-d65cd5f29c0c&uuid=62631a91-876c-45d3-a825-d4c281093e0b

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7cbede2b-254b-4064-8e1b-dcfb0310f7b9&uuid=62631a91-876c-45d3-a825-d4c281093e0b

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=617079dd-e3b7-4379-9463-c2a0250090cb&uuid=62631a91-876c-45d3-a825-d4c281093e0b

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=1432b6f0-e903-476d-bf74-3b635fd4bc22&uuid=62631a91-876c-45d3-a825-d4c281093e0b

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/62631a91-876c-45d3-a825-d4c281093e0b/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0fc6e1be-ad78-4b44-9d58-721df6ba69ca&uuid=62631a91-876c-45d3-a825-d4c281093e0b

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d2041223-b3d5-4e35-bcbc-1ec5fc59b960&uuid=62631a91-876c-45d3-a825-d4c281093e0b

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=93a0c13d-72e9-42fc-bb2a-7f5b23e2c10c&uuid=62631a91-876c-45d3-a825-d4c281093e0b

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/62631a91-876c-45d3-a825-d4c281093e0b/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7c9c75ba-3365-4fb7-af02-32d4a689a4f7&uuid=62631a91-876c-45d3-a825-d4c281093e0b

      HTTP Response

      200
    • 35.157.63.229:443
      https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f6b41a49-4eb6-4c35-a3b1-195a03c96d5e&tr=43&tt=17380099673984591&uuid=62631a91-876c-45d3-a825-d4c281093e0b
      tls, http
      AteraAgent.exe
      3.3kB
      11.7kB
      23
      29

      HTTP Request

      GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b6c75980-4c47-4700-a929-7eec781dbbb9&tt=0&uuid=62631a91-876c-45d3-a825-d4c281093e0b

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a15d0e97-e330-4d99-8cdd-9da5b3535b40&tr=43&tt=17380099654812594&uuid=62631a91-876c-45d3-a825-d4c281093e0b

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e1db34d4-15cc-444a-8846-612eb905b142&tr=43&tt=17380099658714477&uuid=62631a91-876c-45d3-a825-d4c281093e0b

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=23c58ea0-2037-4455-ac3b-872be50cd308&tr=43&tt=17380099673984591&uuid=62631a91-876c-45d3-a825-d4c281093e0b

      HTTP Response

      200

      HTTP Request

      GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/62631a91-876c-45d3-a825-d4c281093e0b/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f6b41a49-4eb6-4c35-a3b1-195a03c96d5e&tr=43&tt=17380099673984591&uuid=62631a91-876c-45d3-a825-d4c281093e0b
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
      tls, http
      AteraAgent.exe
      1.1kB
      5.6kB
      10
      12

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/AcknowledgeCommands

      HTTP Response

      200
    • 99.84.9.56:443
      https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/39.1/AgentPackageAgentInformation.zip?NC0B8fVIiyUM3YX9Y8oFebsnHpzxslPWmSDw5MukCabp0bRqtoREZe9h8cRaTPg6
      tls, http
      AteraAgent.exe
      7.6kB
      410.4kB
      155
      300

      HTTP Request

      GET https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/39.1/AgentPackageAgentInformation.zip?NC0B8fVIiyUM3YX9Y8oFebsnHpzxslPWmSDw5MukCabp0bRqtoREZe9h8cRaTPg6

      HTTP Response

      200
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/CommandResult
      tls, http
      AgentPackageAgentInformation.exe
      1.5kB
      5.5kB
      9
      9

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/CommandResult

      HTTP Response

      200
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
      tls, http
      AteraAgent.exe
      1.1kB
      5.6kB
      10
      12

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/AcknowledgeCommands

      HTTP Response

      200
    • 40.119.152.241:443
      https://agent-api.atera.com/Production/Agent/CommandResult
      tls, http
      AgentPackageAgentInformation.exe
      1.5kB
      5.5kB
      9
      9

      HTTP Request

      POST https://agent-api.atera.com/Production/Agent/CommandResult

      HTTP Response

      200
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
      90 B
      1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      196.249.167.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      196.249.167.52.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      5.114.82.104.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      5.114.82.104.in-addr.arpa

    • 8.8.8.8:53
      23.159.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      23.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      228.249.119.40.in-addr.arpa
      dns
      73 B
      159 B
      1
      1

      DNS Request

      228.249.119.40.in-addr.arpa

    • 8.8.8.8:53
      9.18.192.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      9.18.192.23.in-addr.arpa

    • 8.8.8.8:53
      agent-api.atera.com
      dns
      AgentPackageAgentInformation.exe
      65 B
      182 B
      1
      1

      DNS Request

      agent-api.atera.com

      DNS Response

      40.119.152.241

    • 8.8.8.8:53
      241.152.119.40.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      241.152.119.40.in-addr.arpa

    • 8.8.8.8:53
      217.106.137.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      217.106.137.52.in-addr.arpa

    • 8.8.8.8:53
      agent-api.atera.com
      dns
      AgentPackageAgentInformation.exe
      65 B
      182 B
      1
      1

      DNS Request

      agent-api.atera.com

      DNS Response

      40.119.152.241

    • 8.8.8.8:53
      ps.pndsn.com
      dns
      AteraAgent.exe
      58 B
      90 B
      1
      1

      DNS Request

      ps.pndsn.com

      DNS Response

      35.157.63.229
      35.157.63.228

    • 8.8.8.8:53
      ps.atera.com
      dns
      AteraAgent.exe
      58 B
      165 B
      1
      1

      DNS Request

      ps.atera.com

      DNS Response

      99.84.9.56
      99.84.9.89
      99.84.9.5
      99.84.9.72

    • 8.8.8.8:53
      229.63.157.35.in-addr.arpa
      dns
      72 B
      138 B
      1
      1

      DNS Request

      229.63.157.35.in-addr.arpa

    • 8.8.8.8:53
      56.9.84.99.in-addr.arpa
      dns
      69 B
      123 B
      1
      1

      DNS Request

      56.9.84.99.in-addr.arpa

    • 8.8.8.8:53
      56.163.245.4.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      56.163.245.4.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      133.130.81.91.in-addr.arpa
      dns
      72 B
      147 B
      1
      1

      DNS Request

      133.130.81.91.in-addr.arpa

    • 8.8.8.8:53
      48.229.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      48.229.111.52.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Config.Msi\e57b363.rbs

      Filesize

      8KB

    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog

      Filesize

      753B

    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

      Filesize

      142KB

    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config

      Filesize

      1KB

    • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll

      Filesize

      210KB

    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll

      Filesize

      693KB

    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI

      Filesize

      12B

    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

      Filesize

      247KB

    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config

      Filesize

      546B

    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll

      Filesize

      94KB

    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll

      Filesize

      688KB

    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll

      Filesize

      588KB

    • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt

      Filesize

      228B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

      Filesize

      471B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

      Filesize

      727B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

      Filesize

      727B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

      Filesize

      400B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

      Filesize

      404B

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

      Filesize

      412B

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

      Filesize

      651B

    • C:\Windows\Installer\MSIB3EE.tmp

      Filesize

      509KB

    • C:\Windows\Installer\MSIB3EE.tmp-\AlphaControlAgentInstallation.dll

      Filesize

      25KB

    • C:\Windows\Installer\MSIB3EE.tmp-\Microsoft.Deployment.WindowsInstaller.dll

      Filesize

      179KB

    • C:\Windows\Installer\MSIB74B.tmp-\CustomAction.config

      Filesize

      1KB

    • C:\Windows\Installer\MSIB74B.tmp-\Newtonsoft.Json.dll

      Filesize

      695KB

    • C:\Windows\Installer\MSIBCFB.tmp

      Filesize

      211KB

    • C:\Windows\Installer\e57b362.msi

      Filesize

      2.9MB

    • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

      Filesize

      404B

    • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

      Filesize

      412B
