Overview

overview

10

Static

static

10

acrobat.msi

windows7-x64

10

acrobat.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    27-01-2025 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    acrobat.msi

  • Size

    2.9MB

  • MD5

    c23d2701fc5830505ea5396018b22cd7

  • SHA1

    d1a34893e880cc7553a2d46473f713620ea40455

  • SHA256

    95f69504eecf1d05ec672e8fe8c0f83ab276c98f2a6af700be2351c0d32b63f3

  • SHA512

    96c3f53c867b62013539ce2420e88aab48024621c82a2003aa558eb3ab115f0950e6b8efa35d1af291ad1a4054706663bc3b52c037c06407ed2e22199a32a92b

  • SSDEEP

    49152:k+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:k+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentdiscoverypersistenceprivilege_escalationrat

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 8 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 20 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 18 IoCs
  • Drops file in Windows directory 37 IoCs
  • Executes dropped EXE 3 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 35 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\acrobat.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2060
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2900
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 33DB525115A41227AD31C01786499100
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2288
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI3600.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259471236 1 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1312
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI3D90.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259472828 5 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2588
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI5D7F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259480971 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2760
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI7C4C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259488849 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2520
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 5CDD0E03A7C03754FC4359A5243C638C M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1880
      • C:\Windows\syswow64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2364
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1640
      • C:\Windows\syswow64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        PID:2064
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000PryxLIAR" /AgentId="ae71ad19-3e6d-41c6-811a-8c613720fb74"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:2280
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3056
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000004B4" "0000000000000404"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1496
  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
      2⤵
      • Launches sc.exe
      PID:3060
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ae71ad19-3e6d-41c6-811a-8c613720fb74 "c264d105-cd10-4a14-9aba-ee586b8145fd" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PryxLIAR
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f77349a.rbs
    Filesize

    8KB

    MD5

    e6bee92ca15f679a720b320a333f846b

    SHA1

    9010bc6e03bfccfefcff8806b14ae58bf0ccf7a4

    SHA256

    d9e60e5441e45fce72eae87cc67aa3cf3baf911dd0d6cb6eca36e6ad695acb06

    SHA512

    1d1420d79366eaffce7971fb8a79def50403affaa810befce072ade582e9cba3507c6f3021e821735adcec4067199b63d047ebd86530e3cd48dd37cfb6cd9821

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
    Filesize

    753B

    MD5

    8298451e4dee214334dd2e22b8996bdc

    SHA1

    bc429029cc6b42c59c417773ea5df8ae54dbb971

    SHA256

    6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

    SHA512

    cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    Filesize

    142KB

    MD5

    477293f80461713d51a98a24023d45e8

    SHA1

    e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

    SHA256

    a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

    SHA512

    23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
    Filesize

    1KB

    MD5

    b3bb71f9bb4de4236c26578a8fae2dcd

    SHA1

    1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

    SHA256

    e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

    SHA512

    fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
    Filesize

    210KB

    MD5

    c106df1b5b43af3b937ace19d92b42f3

    SHA1

    7670fc4b6369e3fb705200050618acaa5213637f

    SHA256

    2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

    SHA512

    616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
    Filesize

    693KB

    MD5

    2c4d25b7fbd1adfd4471052fa482af72

    SHA1

    fd6cd773d241b581e3c856f9e6cd06cb31a01407

    SHA256

    2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

    SHA512

    f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
    Filesize

    12B

    MD5

    1e065e191e89cc811ff49c96fa8fa5e6

    SHA1

    bc50ff2a20a8b83683583684fcac640a91689ed4

    SHA256

    d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

    SHA512

    5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
    Filesize

    247KB

    MD5

    aa5cf64d575b7544eefd77f256c4dc57

    SHA1

    bd23989db4f9af0aae34d032e817d802c06ca5a9

    SHA256

    79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

    SHA512

    774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
    Filesize

    546B

    MD5

    158fb7d9323c6ce69d4fce11486a40a1

    SHA1

    29ab26f5728f6ba6f0e5636bf47149bd9851f532

    SHA256

    5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

    SHA512

    7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\log.txt
    Filesize

    23KB

    MD5

    c1cec37e1694cefea8f3513281fa9deb

    SHA1

    0f45738e40c8fe7c28965eb35c214db7af65e2dd

    SHA256

    fd10cedc6fe263707e68387ba6539764c022ca413ac3d11957eb6fad928769c8

    SHA512

    f98b0b5e15e671d25e8bc24dcb1c10a101ca4cd16819f47a0128f14ca3d44816aec1465adbf240ada78855b397aa4cf79cbed41cfd2fb6810e5658ea774264e3

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
    Filesize

    588KB

    MD5

    17d74c03b6bcbcd88b46fcc58fc79a0d

    SHA1

    bc0316e11c119806907c058d62513eb8ce32288c

    SHA256

    13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

    SHA512

    f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
    Filesize

    228B

    MD5

    2ca2721ae6a4eea5332a5f95e69247a3

    SHA1

    086b5c97f03b3a36b371bd66342cbb01cb4e87fa

    SHA256

    7cfbd74d46f30bc37a3690c3fe549bcc75e269f0e5228050e1cb7e6e559d43ca

    SHA512

    e4ba3bfbbffe40731a784e04b1df073b177f3e32dc023a97ca903fa9fbcb9ffb4067e5694b318cd3b74b284de1c5f8a8abebd072154e1d493e80129f96689654

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    471B

    MD5

    4baa10270f5eda4deb77ac3d8b18ca9a

    SHA1

    91d2402461106264ff2cb5ac878fc51b60f4bf64

    SHA256

    68f34dc20586badb0bdaac09507657905d1bf58e4f43c9a04cbea8e5c3f7f4e5

    SHA512

    95e3a98da670be2cdaa6df9545457e3b21b4e1c58168b7f982f9b476eb44b04ec9fc527c2611b3ec519816053c18468bda26330a7eca96f42478d03173253d3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    727B

    MD5

    bd1debba88d033375f8d7585cddd2792

    SHA1

    bfd496b8d60a98d2359cbc901ad9734bcd11fd3f

    SHA256

    cd988405416924e82347dfd8b0fb4ec293ac591fcefd5059054f673442623963

    SHA512

    9ef20e15b183d3ba30a20a7bdae65a2f3a425b83f1579ef0edb2e45e8cccc3159a1ee517f45bff1abc622ef9edfae045562daca8e27c00d7634ea7c1db67c0d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    727B

    MD5

    89daee5ebc3c014d0f256a3f30c582b9

    SHA1

    d4d6e0c11f56f6ffe44969d64083ebd76615e6e5

    SHA256

    ebc7f30c2c3ae32be08ec25566dd989a1d6f346b0562b2ad14ddc7eacbf69b18

    SHA512

    ac0e04ffeed3182e0b30cac0f271751373ad26dbc41a8bdfbcd630de30466736d8a6234014e0af181c91e0d71c67be5ac2522cb623b763b0624183d80035efce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    400B

    MD5

    1c50c3cbe0da414ceec5050db1623cc3

    SHA1

    3cfbc8677b69c6a0a6218a600ef21248d029ebe4

    SHA256

    8338fa70deb77eee588a59482d92437303553ec90bcd938ebf27f474c2c92886

    SHA512

    194cc4e925d5c88fc2ca06df8172f2f690dda5d43cd4f2d2408aac0e6d11cf06da38a83f904158440e8bb4729ee5a220298354008342aec35a4b4942e05b49ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    404B

    MD5

    460a63d947dfe157bf82f04ae13bbe8f

    SHA1

    83b3fad5ca85e8430139faca4f464d7b58cc456b

    SHA256

    5122d24e78ad4a430aea5ed4ec58dbaa688e0064a483343cfd89efe2a55e6fe0

    SHA512

    52c2fed5118ed3c6753e0613d849eb834f9f729aea2cf1a1551093965264a387f61aa7ca323d28d4052e17d11c6b6674cf0a17718ca9482536d8f9376acf1566

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11de50044cc9146335752d7730f5475d

    SHA1

    b88b1af43b86b17c3be91355ed6c12e160033d25

    SHA256

    a31472746b556386de433e8ce0aeb9f8ea08e97a9fa86af7c4861c91e22fc368

    SHA512

    c3aec3d67cf969f3d6933420c4a3fb7abe530bfe96f2a2bcfd476f471242a8c5afb7353c3fb0ae65e316c17deff0567b08f4f79a6c88d8930a29953eb869727a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca9b3451e45d1e5f6fd4edcf28157425

    SHA1

    55b48013077e6b93d3a1590246a9ed6f2ef66f6b

    SHA256

    f3241c6c320da9af4fb1d695501e3cb334802bc9424ec499e904e7b10b3093ee

    SHA512

    005a2256a1fa43f5f2ca0462802c715c52e1b0527e793216fe3899e06ea248b18bed95f2948f7038741182e4ae1f282664fa7e4ca03bd6abd51bfc897155925e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    412B

    MD5

    2a15835b892a2aa1f97c7d8b2dc7c067

    SHA1

    fb0dc68affe336852b246ca3b3a1891ea7928ba9

    SHA256

    76ee6060cca2c8ea07a3dd561666d055ca7f678599b8ff79624e91daf78a01bf

    SHA512

    6b9ab13d9893cec6fbf588c4a2f6fdaf10c08dce2764736a151f15874efb55b131bcff2c63f3589e360e897513890a4bcd81ed16b54e4f71b7b3d8ab217a0b3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    534bb6136e84057b81937cac9993c8e3

    SHA1

    2a7b277e094d5ceaabd8808459e2c7bf88782821

    SHA256

    aa3aec3f2b57c332d82a56affecbc31401dae796b745cef36a910579e6bb0359

    SHA512

    213373887f1d42af918c79070170da6838b7ea7e75012a39e796c3ece1ab81ed70cb8751d734ce41683cfe9a60362a971a0c169751b07a7c3286b24126444d24

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD155.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD3E7.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\Installer\MSI3600.tmp
    Filesize

    509KB

    MD5

    88d29734f37bdcffd202eafcdd082f9d

    SHA1

    823b40d05a1cab06b857ed87451bf683fdd56a5e

    SHA256

    87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

    SHA512

    1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

    Download Submit

  • C:\Windows\Installer\MSI3D90.tmp-\CustomAction.config
    Filesize

    1KB

    MD5

    bc17e956cde8dd5425f2b2a68ed919f8

    SHA1

    5e3736331e9e2f6bf851e3355f31006ccd8caa99

    SHA256

    e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

    SHA512

    02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

    Download Submit

  • C:\Windows\Installer\MSI637A.tmp
    Filesize

    211KB

    MD5

    a3ae5d86ecf38db9427359ea37a5f646

    SHA1

    eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

    SHA256

    c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

    SHA512

    96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

    Download Submit

  • C:\Windows\Installer\f773498.msi
    Filesize

    2.9MB

    MD5

    c23d2701fc5830505ea5396018b22cd7

    SHA1

    d1a34893e880cc7553a2d46473f713620ea40455

    SHA256

    95f69504eecf1d05ec672e8fe8c0f83ab276c98f2a6af700be2351c0d32b63f3

    SHA512

    96c3f53c867b62013539ce2420e88aab48024621c82a2003aa558eb3ab115f0950e6b8efa35d1af291ad1a4054706663bc3b52c037c06407ed2e22199a32a92b

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    262ab78f10b62dbd7763f77b7c964335

    SHA1

    ce6d9acf8e30ea9225fa16fa1fd971cbcd549ad3

    SHA256

    f084dc642c491731e4f7f837778078b3e3197a4f8adee44da2e7c324f0715fb7

    SHA512

    5c37e2a05e8be0fa3a7e8f664be89165ab5485d6103184cfd9360de2b7e2dc2099dfd4c1bf99fcec4dfad28c6d6add9dfc75884fecad20a0ace7f812f9a4d3f7

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c625c16430fea7ea6e746180a438ca35

    SHA1

    da80f8f6459dc108bcd24c4b2837235d9317af2e

    SHA256

    83e3245f9eeca9ea0abbd2242a4bafe29f319a21c0f5a92df697d9133bf76338

    SHA512

    780685a6d6b67497299532e9cf5d91dad5c5821c6ddaf476eb247a5f2e0f6c1e3ccd45ad0633d1274549f6eaf95d0e1e5fa98165f50f6c141b74efeb05c05942

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83c95866c5a9085f525def8dcc43893b

    SHA1

    f16e9c63faa1c63df214ac730da8300113f2ea7b

    SHA256

    0abcec39936b94435a002a51c78ad34a34470b7031e618be552524b87b973318

    SHA512

    13ba8519e0da460d4f42d8ff011102067faf6334eb3aa86adc67599cd49fa45f810522000cc03cba20aae172662cb92c5878e0ffdaa6e17eeb524d6c5305950a

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3eaa1e3986b130a9ae472fdcc89ad34

    SHA1

    7042b989629d7b03cf50ccffebadab4ae8bc627c

    SHA256

    87a86987557a4499906dc6ac56a3af02aaf7a9bfc8347a0dfc23de67f0b93f9f

    SHA512

    21a3d9cec3aa51771c964098ef9cefa541e2cb59ec28c1b1df722ed97d516121978a5bd6486cbcc45e2b0bd9c961ec499221de98114c078a62e0eb1339d8c877

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    751c83e2b10633eeb3d495ac5416abbf

    SHA1

    4de9a9a063d9d553a1218219089ecc9d205e844e

    SHA256

    5847067eab490ac55536c38a20fdfec8869817845a0a0bad9813c1e7370c91a9

    SHA512

    eeaf263497d32e57c81f7c4677682b4609f5b671b4a2d169ea73cd8ad06aa2431111b9d22488c8332489a9977a1e44f3ec9d3aad8fb9a265bd59eaa644889ceb

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3d2ef5317a69818dcdeb21e0ba15ede

    SHA1

    a58e0d851fa8c1820f705de57191e8c9dbd2f5ba

    SHA256

    59b81232f86c8ce044a3dc6236866e437a5dd62c4f4edb66a6a303521b5729a3

    SHA512

    73a6505272f660c46b8a69ca52787790883510e5ccb0b52f4a6e049d7598e32290a0729541942ea36ecaf2746fa961255e6e6316f30b01318b84b8f8c0fd1005

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f023566bc4aa11f796354e461d8231ec

    SHA1

    fdf919ce8ac481d9ec9d4cc0cf80d4eb75c2f96b

    SHA256

    f30fe98ac1782d94845fe5d7b4f2451b3b27f180c65ffcb26edbb310d9c3d3fe

    SHA512

    38dec202dc9b777c2b930bc4eef5a5d691d9bd169e71f13b850ae949cddb01f29d64cc3bad027f96aa4eac42d5b1c1d7ef6f0cf4fc2009094b2889adad4b3dfc

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    425d93f131e3748f60a9f0211f04c671

    SHA1

    263f0e221920fca7cbe717d382ec48ef4d275d5c

    SHA256

    1d73a2d6830e7f12e9dc6594746bf8111f83c9058f762e105915f03a3d7efe30

    SHA512

    0ce505f766d85db8c2cd77904ed75ecbbde550676823ad53a20a5e7c02274184f80188c4017bd98672112d58de2b5462bc5ececc5ae9f60f569069cc253ea252

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51ed424662ae7ae652dce52b6c41768e

    SHA1

    8889d8304969e3d9da20539f7372b762ac32e174

    SHA256

    4d2ee362992a615708bca1c83ef9f4ddcb137084f02b68d0a8fc23b8f81ef59d

    SHA512

    ce3e0058676fa6ddb7f4edbd17298a416e1ba27bb50bcd5873a8ed158421a49a2772d1464013f0a91899b9a2a989ed5b0ab1ea67f64440f7fbcb2360f75ffa6b

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3dbdf367d1c9c7c40c93060248c087b5

    SHA1

    a8e1588be67da2d7c02f8946a1ec303dc279eff7

    SHA256

    13001e2e115cd04747bf0861b84e1b630d8d99904c6ed002ab4e587edc8d5120

    SHA512

    4251b7db52ef26c359426c65ef6bccc93431b68c8bc4696ced793c49b2e9a875f2c6baa34b43724b44cc55fa3e3b90c37e7803a08c7458cfd6cf5a59f0ac495e

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38768495486402a6687256f4d1c90e08

    SHA1

    8cc1365ea99d94c2c32fa6a36a76c1717bf7aaea

    SHA256

    7f7bef3e5cf3b0a53cc59ad349049361980a291e54a4e4dce578a4803b82ffc8

    SHA512

    4e411bc670cc9d1864f96a855c27a2f6351df2b87def53a373dbb9dcf01c5eacf4664d506f52882a85703601a4b3100dd8873860283db8e9fd05b1293a738ebb

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cea87ea7745c3ad1f80b13f78acac6e

    SHA1

    2bbf148850ff98f357178de3a35fa577fd4f782b

    SHA256

    5ae3db0c6dc0a29779d294229d3273b07eea106286b777dd223cc6bb29cae543

    SHA512

    e1205c816c9d6840a76102788deebc23708c9e6195e7a31370e4f8be80bd95cc4d3699fe99d4a2d7adface21eba03fd25114b91955e0fc4f0dcee925e7c522b0

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3e710b1398c0002661a9ba5ed0de0cd

    SHA1

    d057bb3d430e8b71ebcae4f278d27bfd35ce2083

    SHA256

    634c7573fbf0a8f77a8afe952d3a3433c49999580406b498dd3de022de097a92

    SHA512

    c8a8805bd7b977d08c636bbee3810ced6a7269821ca71b6629c0c0ea83d7b61c5b6bc3848a649ce0b16aba3f48f494bbc6b835f02d76c94a1f90a1114b4f643c

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    b0d8cb8c4d8ecc2ef41ff01e0f79a8d2

    SHA1

    ee50910f0c0b1b99c595c4a5eaac14c405e0e5c3

    SHA256

    9bb7bda7bd4d303d0851e99540e3b704b2b7d0bcac940383fafca117129d2092

    SHA512

    de0b59a309eed5a27a569b228852069cbc0b1fd2dd3e7ce4d3c1670b5907190a18079f3e16e30883cc9d924c4bda945b17bbea0997a75c114d369ba79640052a

    Download Submit

  • C:\Windows\Temp\Cab8E4B.tmp
    Filesize

    29KB

    MD5

    d59a6b36c5a94916241a3ead50222b6f

    SHA1

    e274e9486d318c383bc4b9812844ba56f0cff3c6

    SHA256

    a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

    SHA512

    17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

    Download Submit

  • C:\Windows\Temp\Tar8E6D.tmp
    Filesize

    81KB

    MD5

    b13f51572f55a2d31ed9f266d581e9ea

    SHA1

    7eef3111b878e159e520f34410ad87adecf0ca92

    SHA256

    725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

    SHA512

    f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

    Download Submit

  • \Windows\Installer\MSI3600.tmp-\AlphaControlAgentInstallation.dll
    Filesize

    25KB

    MD5

    aa1b9c5c685173fad2dabebeb3171f01

    SHA1

    ed756b1760e563ce888276ff248c734b7dd851fb

    SHA256

    e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

    SHA512

    d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

    Download Submit

  • \Windows\Installer\MSI3600.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Filesize

    179KB

    MD5

    1a5caea6734fdd07caa514c3f3fb75da

    SHA1

    f070ac0d91bd337d7952abd1ddf19a737b94510c

    SHA256

    cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

    SHA512

    a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

    Download Submit

  • \Windows\Installer\MSI3D90.tmp-\Newtonsoft.Json.dll
    Filesize

    695KB

    MD5

    715a1fbee4665e99e859eda667fe8034

    SHA1

    e13c6e4210043c4976dcdc447ea2b32854f70cc6

    SHA256

    c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

    SHA512

    bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

    Download Submit

  • memory/1312-76-0x0000000000870000-0x000000000087C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1312-72-0x00000000006B0000-0x00000000006DE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1556-309-0x000000001A4A0000-0x000000001A552000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1556-1095-0x0000000019DE0000-0x0000000019E18000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2280-246-0x00000000012A0000-0x00000000012C8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2280-258-0x000000001B280000-0x000000001B318000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2520-322-0x0000000001D20000-0x0000000001D2C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2520-326-0x00000000040A0000-0x0000000004152000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2520-318-0x0000000001FE0000-0x000000000200E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2588-101-0x0000000000370000-0x000000000039E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2588-105-0x0000000000410000-0x000000000041C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2588-109-0x0000000002220000-0x00000000022D2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2740-1312-0x0000000001270000-0x00000000012B2000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2740-1314-0x0000000000FB0000-0x0000000001060000-memory.dmp

    Filesize

    704KB

    Download

  • memory/2740-1315-0x0000000000170000-0x000000000018C000-memory.dmp

    Filesize

    112KB

    Download