Overview

overview

10

Static

static

10

Nota-fiscal2.1.msi

windows7-x64

10

Nota-fiscal2.1.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2025, 21:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nota-fiscal2.1.msi

  • Size

    2.9MB

  • MD5

    6032d2452e05a12f1449182deb3ab258

  • SHA1

    03a992f9020a003fe86e477ac28698afc16a73d3

  • SHA256

    394659c01bd981c3a4d5840fbd624c20e3270c9defc432ff3fe6ddb482b5ad46

  • SHA512

    1318d1844efe031d05499e642c9509422a9f92977b8b4c76d38c6c614d81813af4ec927d2dd807e9b7b205ab06ea1800eb4a082f1a89a4e3721a37301165e28d

  • SSDEEP

    49152:9+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:9+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentdiscoverypersistenceprivilege_escalationrat

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 20 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 18 IoCs
  • Drops file in Windows directory 37 IoCs
  • Executes dropped EXE 3 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 35 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Nota-fiscal2.1.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2680
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2608
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 3124A0E6172ED015D071C457C2FC85C9
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:344
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI8854.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259426558 1 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:848
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI8B04.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259427088 5 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2108
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI9DE9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259431909 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1520
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIAA10.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259435013 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2436
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding E9BAA2DBDF3EB64618C027AA91241BD9 M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Windows\syswow64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2760
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2712
      • C:\Windows\syswow64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        PID:2772
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000QFoFLIA1" /AgentId="9836d431-3a1b-4c79-98ff-a5afbf321d27"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:2172
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3060
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "000000000000048C" "0000000000000494"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:2156
  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:768
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
      2⤵
      • Launches sc.exe
      PID:872
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 9836d431-3a1b-4c79-98ff-a5afbf321d27 "cdb51bb3-10ac-4957-96ea-8a6c62e96d4f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000QFoFLIA1
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:2220

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f7687f7.rbs
    Filesize

    8KB

    MD5

    24522e53f1058c1811efdc3e47791a7b

    SHA1

    589d976bf1de172a998a2c695e0a4e892c51d54b

    SHA256

    d209a8dad778f9cd01c2fef3b83f2f2a7401261352b498027def9942a272d6aa

    SHA512

    ac6d2977a8493ab517b6b9cd1186f73c8429c9e2559227338ce3742e43ba9e6a4f341eb150aec6ac6fe65360cb1fe6960724bae9857d8fa3cddf497efdee9757

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
    Filesize

    753B

    MD5

    8298451e4dee214334dd2e22b8996bdc

    SHA1

    bc429029cc6b42c59c417773ea5df8ae54dbb971

    SHA256

    6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

    SHA512

    cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    Filesize

    142KB

    MD5

    477293f80461713d51a98a24023d45e8

    SHA1

    e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

    SHA256

    a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

    SHA512

    23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
    Filesize

    1KB

    MD5

    b3bb71f9bb4de4236c26578a8fae2dcd

    SHA1

    1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

    SHA256

    e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

    SHA512

    fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
    Filesize

    210KB

    MD5

    c106df1b5b43af3b937ace19d92b42f3

    SHA1

    7670fc4b6369e3fb705200050618acaa5213637f

    SHA256

    2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

    SHA512

    616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
    Filesize

    693KB

    MD5

    2c4d25b7fbd1adfd4471052fa482af72

    SHA1

    fd6cd773d241b581e3c856f9e6cd06cb31a01407

    SHA256

    2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

    SHA512

    f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
    Filesize

    12B

    MD5

    1e065e191e89cc811ff49c96fa8fa5e6

    SHA1

    bc50ff2a20a8b83683583684fcac640a91689ed4

    SHA256

    d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

    SHA512

    5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
    Filesize

    247KB

    MD5

    aa5cf64d575b7544eefd77f256c4dc57

    SHA1

    bd23989db4f9af0aae34d032e817d802c06ca5a9

    SHA256

    79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

    SHA512

    774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
    Filesize

    546B

    MD5

    158fb7d9323c6ce69d4fce11486a40a1

    SHA1

    29ab26f5728f6ba6f0e5636bf47149bd9851f532

    SHA256

    5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

    SHA512

    7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\log.txt
    Filesize

    23KB

    MD5

    63ddd745cd7bb1051396b087b2085e15

    SHA1

    9f8009f0709d22d4a7eb4b1bcdda461d72af7271

    SHA256

    8928e23c134af2ac928d6c25e1b9c3e34419111a6d4dd9e82426e6c784017679

    SHA512

    6e5aeec7e1076681e372ca5da7982b9cb048a160eb6cc86d75223712006d828b7476989ca595636e09484aed1a0b9f0f8d083587caf79617484e0ff5bd011fec

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
    Filesize

    588KB

    MD5

    17d74c03b6bcbcd88b46fcc58fc79a0d

    SHA1

    bc0316e11c119806907c058d62513eb8ce32288c

    SHA256

    13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

    SHA512

    f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
    Filesize

    218B

    MD5

    00c6ad78b12156fe8de23ee7343a3662

    SHA1

    49a1e1d61542a2b8bc0079e9a390a7e04faf935b

    SHA256

    3f228dcd0e3b7e66b321e5b77c97f2fefd895ae0d4659da78cb293a53fcd15d4

    SHA512

    a92207ad65149e7d57cb7479fd46aacba88ee5b3d71747ac1f1a636a1c219962f2cc9e52ae74867e3fc35e6e5550725bab4c3aab03c9420f6d99a357171de8b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    471B

    MD5

    a92359bcd40ab68df3b2a726b293703e

    SHA1

    03af49fbe93ce7312ceb352c712941d1ac5fd2f0

    SHA256

    e61fca89129e6e9eecaafaa8612f1d82efb267b900a8ca27427fa0b32e065c63

    SHA512

    f2f2ff4c354ce68642ec37357e40c28cfc2449bfa9971ffe59c800a50287f8a39b5729a6fb2aaf8f23b9f45ea3e478a9f12dbba0479d93e4c2c598263aa7ce92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    727B

    MD5

    62f50b09757845b91a11afe304f912e7

    SHA1

    ca2093d46e2a9138ef71e5cb6d53d6ced356ec76

    SHA256

    9979dad90650f1a6d82d38cb84e4055e46b88f28bcc099b51cd5e2444cc280e9

    SHA512

    6b54ad0a12455914f3140a1f5341807cbd97470419109470eabab6cfa1083b703dfd19ea276caba534777bcc8265d80659e6d8db06bc03de57fb6fb3d9e68133

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    727B

    MD5

    7ede1c2319349ee09eef9b918f848ee1

    SHA1

    907bc671d8865713c6c6758ab35d880bc195cd26

    SHA256

    0091300b2b650fad4fdf32c8681ca431aa280403bb7afec50e1e3b2232537c9e

    SHA512

    673710e89af144f22a6a69011341e48681cf2b46ec58fa7ceed13688f3dfa17e5c8ea9f8054cb99c054864ec980fa0acebdb480ce9abf4d1d7a8ec46dcfb5866

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    400B

    MD5

    3c79315fb11b465f713ac8ad7fef442c

    SHA1

    b39e0d6d208a4828becde7df8b0fff4e7b2cdaaa

    SHA256

    2503bd631242648d1c93b7c1d22c1f1bcf0837b728967fea41760d2daf66d332

    SHA512

    99ce0e5717b8f6d7a134f43db1f50568b4d62f373eb732b038a1aa979e1e6f4a8c3b746f75af463c4cdb1d93a1453e35f72b4943e313318086218582230e55e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    404B

    MD5

    06bd09969a107b780174c5e4a0932bbb

    SHA1

    04a64f0ecd4bf92a4687f73ab089e95736e1f543

    SHA256

    86bc0f659c2068ff10673b41d26cb9056191f4ba9fc38b599dbfbe84adf425a0

    SHA512

    8b3bce83118a42c509e92974bf44fd92784cfaa4e981bff82a94cb178076dd9c3447e69c10556f8936f5f8d4c1164a5fdb40db340840e636ffa55b440376f1ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e71c48f3023a313df68a29792dd9e4a

    SHA1

    c975f6f0f908bc4387a0ef19e63d4d49fe39273b

    SHA256

    80c34a03ef7895d22a64d45c4d9ea8567d7e3833e329211c0029800d69790dc8

    SHA512

    8a210605c1bd6eb3498997be777d10c944bd2dcd768ca32370277216d09a2e08214c63f9ca1096d50af1277b05ff4d3f0d4bb2cb626a56a9b11e04d643bc4700

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed778244736159e42eeae5cd7e47c7c0

    SHA1

    08786dd2a8d36d1e8595d117952aa757e42e8bef

    SHA256

    520f4e44182cbc2262779e52446e0d7aa83e0a44eabe50f56a92d5115f540f2f

    SHA512

    2a7b2cda638f17bb47328e6f30d18f14a718081f20aa350b7d1c89b41fb58d3d2d09c04a9941b32f114416e6df6ac6c81ffe4dae03eefe0dc2f32d2f04184f9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    412B

    MD5

    16d0e34f24a7835be8121d0e49dc2a0e

    SHA1

    bfd6bede424eed507047955e0d70179d5a588dee

    SHA256

    d9137be7eccde370d066717fb24c2feedeab1787fd19a6d1b86da5da427787b0

    SHA512

    6b75925521420d9c0ae14f8fbe0f1fce92eb0c54623a39e8b8bcbb670a03cec3604a39e7577eac39fdd4f7cc574eac0609c9c2300e0801f9c3577a5f16d8f9a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab654A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6750.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\Installer\MSI8854.tmp
    Filesize

    509KB

    MD5

    88d29734f37bdcffd202eafcdd082f9d

    SHA1

    823b40d05a1cab06b857ed87451bf683fdd56a5e

    SHA256

    87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

    SHA512

    1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

    Download Submit

  • C:\Windows\Installer\MSI8B04.tmp-\CustomAction.config
    Filesize

    1KB

    MD5

    bc17e956cde8dd5425f2b2a68ed919f8

    SHA1

    5e3736331e9e2f6bf851e3355f31006ccd8caa99

    SHA256

    e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

    SHA512

    02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

    Download Submit

  • C:\Windows\Installer\MSI8B04.tmp-\Newtonsoft.Json.dll
    Filesize

    695KB

    MD5

    715a1fbee4665e99e859eda667fe8034

    SHA1

    e13c6e4210043c4976dcdc447ea2b32854f70cc6

    SHA256

    c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

    SHA512

    bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

    Download Submit

  • C:\Windows\Installer\MSI9F90.tmp
    Filesize

    211KB

    MD5

    a3ae5d86ecf38db9427359ea37a5f646

    SHA1

    eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

    SHA256

    c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

    SHA512

    96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

    Download Submit

  • C:\Windows\Installer\f7687f5.msi
    Filesize

    2.9MB

    MD5

    6032d2452e05a12f1449182deb3ab258

    SHA1

    03a992f9020a003fe86e477ac28698afc16a73d3

    SHA256

    394659c01bd981c3a4d5840fbd624c20e3270c9defc432ff3fe6ddb482b5ad46

    SHA512

    1318d1844efe031d05499e642c9509422a9f92977b8b4c76d38c6c614d81813af4ec927d2dd807e9b7b205ab06ea1800eb4a082f1a89a4e3721a37301165e28d

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63aeb35628345fb1eca8491b5619ed50

    SHA1

    c7bd0217fc76ebb43b40cf16ef4903b5dc142a91

    SHA256

    d9ec02b98cfea6d09c8b54fa75c17b7e273d3bce96fca8886683c61815e6b593

    SHA512

    34c4e362f8912588f57425568f89ec3de505c1d2bc1ebf7e67f44427b4833ebb8d8e1278a6ab498d53cf37719be847125902f9b62d4c2167b491fa4d51a0a0e8

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88d4a01042011450a471e09f46fb2092

    SHA1

    1c4d607cd8d88e83d70085379db31e8c63b20dbc

    SHA256

    963d99017ddc3dbb90d01244d89803606757003877b6e0134231b9d869bfd854

    SHA512

    452be744532f01248d7b04b2d0809f868bc713af7d72bfbfe73e617f956a989ab94c8c103f3a2c7087723cb063ff2aea4a774817dca8e108c0499cb933e221c7

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46838ece45149ddacf597f27d753d3d3

    SHA1

    0b2269bac46b9ef5c9ead471e59fe1127ab16388

    SHA256

    e3c8949e6b85655e146e6691615741ce5020869b78f1f8a13a95c518e0614284

    SHA512

    89110986150f87f2f90d0b22e1a5641a962da12ef82283b9e392c286cd697ec3679a46253a2d7f709b774d2a6f27226049027b09c8097667b5368974fe7a2791

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f37cebb5125f54733d5d4329332c39aa

    SHA1

    6093173fa62123b16fa71fd14ebe74c661ddcb4c

    SHA256

    6dedf83262384adcefd6523b70a30a9574d5d8324d82ee9ce5e4a4070828a9c1

    SHA512

    50b025853e4bcc8f5a57c533b6ae4c0a9f41974814d4af151cd64d939c1c0f8e397017fba2ecc5a0104dc6c99f78ea4db1caf0a0043b55fe05444e442bcd449c

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8774f9aeba7ae6bf5829793c79cbe800

    SHA1

    2b3f440667987b0341429cca481f79bacfaec02f

    SHA256

    6dcf55dd4ad7962d39b1b16f08dd4d09b04e74c69f27f3bdc9771224b20d48de

    SHA512

    b1095301e604e6ae89b2c649dd64e122ad590964170c7a253bc07d173a5d38bd4f98a48d3f12c055ef898058a69d8c4585b9f1ea916302feaa56d264d82ada71

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f403f0176f3f66716d9821b7c1f132d

    SHA1

    80be09e0d0cf044411ee63ecd6510fb35f295350

    SHA256

    a63437dc04a15408ee7060a67304e6b08abca3c089793dc8fa8b9edc1813dbfc

    SHA512

    985c50adddd7171b9b002614ab8563069c35a888b83518a2ba78699ab76d2fd0f3222227a37b00e3e7084f1b147dbdd01a4981cad31efc5be78054283ae9763d

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96e5557818f462e4f3c33330567b0c87

    SHA1

    f6bf1ed50e754cfbdf30b1ad8fcee77874371ec8

    SHA256

    01be863a22a40df390c9e68b53810a78caa8c5e23c4909b93aa765b10d60bebe

    SHA512

    e0fa673ad66d0cad18ee15dd9ccff49f12781f9ffd4879c2e87a4393ac527a6d4d8b5e0d6c5e04230fedf35b4710f133b328016a31e523367c172f576bbf1233

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5cfb1d8c93931370f9f98c31c8642582

    SHA1

    57b28636d25508f2b4553e47495434920b0683dc

    SHA256

    58eee337e2f4d28eb82be86e1afa5e62cd4c54a2fcc61b729e9088ff9492c596

    SHA512

    931fea5bc57bf02dd417fce8357e6ce50c3b53af8802d58de03e7f2ba535a7b0f74c9a6658cd7c0374a5f66866740676851b5746e1c7c5c866fe951db4cf0842

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    514d3c11a3ad826628aa57fd42219cf4

    SHA1

    dff02dce750dc872440b53b82f9e2493a622f4a0

    SHA256

    f619b14a69923180fee8a4c31b6d3e07643ff9a579dc7997f64e8336b5f5bc6c

    SHA512

    c786f21e71636aac15679925111df9b664ac36f8a1e5cda82ccc9e6edf7366ab89b696b88ae51e8ac8da7e3bfd6a79b626598f1f68649b86257c2a445c1edb50

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    416f4159dde72848daced5e1e34ec927

    SHA1

    5f0fbaf691e0bdfa7c6e0122bd629de97098222b

    SHA256

    c59e872e84c74be7b7873c828408180963d6c59a12e254c11922281bb5f940d4

    SHA512

    bdb1b8b922e66aba568309c9b9e29a16eee806b8f83be11f772d44f131c996cdbfa88b3916019a4190c6db2e7960cf9360966406f3262d258074f660d86417b0

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78bdf7e6b610650f8830c25aac162687

    SHA1

    483e91f8a816515a3cd9539739383b513bf7850d

    SHA256

    eae1d13cf4608bb6c77b487ebc9c0e56373bc2f7e044bb431695c1550305fcb0

    SHA512

    9840a9f50ac4d4fe5262478b5422448d6cdbcbd9921429e8cfdfa6e6b5abc1caa740bc7f8179b65cdeb2a7553e7c730c0774cad71388805652b718cc759a8a82

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    a2b6e4fd2f5ef0e069c07aa27d5554ef

    SHA1

    c6275ee70386dba96885ece983ade0b651e1ef0a

    SHA256

    63a011f397a15921ced6336ad32fe128f78c94e2975544f3e78f344d58d61eb2

    SHA512

    306b502d585ed64e2a0a522ffef2aed82b4320eb078cec92ebbc3bd7452b0bd17df9ad58f11f7c559a8229974bc993b79e2a60ed3fe7f75c4cf5ee9c9ae589b1

    Download Submit

  • C:\Windows\Temp\CabB75D.tmp
    Filesize

    29KB

    MD5

    d59a6b36c5a94916241a3ead50222b6f

    SHA1

    e274e9486d318c383bc4b9812844ba56f0cff3c6

    SHA256

    a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

    SHA512

    17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

    Download Submit

  • C:\Windows\Temp\TarB770.tmp
    Filesize

    81KB

    MD5

    b13f51572f55a2d31ed9f266d581e9ea

    SHA1

    7eef3111b878e159e520f34410ad87adecf0ca92

    SHA256

    725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

    SHA512

    f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

    Download Submit

  • \Windows\Installer\MSI8854.tmp-\AlphaControlAgentInstallation.dll
    Filesize

    25KB

    MD5

    aa1b9c5c685173fad2dabebeb3171f01

    SHA1

    ed756b1760e563ce888276ff248c734b7dd851fb

    SHA256

    e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

    SHA512

    d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

    Download Submit

  • \Windows\Installer\MSI8854.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Filesize

    179KB

    MD5

    1a5caea6734fdd07caa514c3f3fb75da

    SHA1

    f070ac0d91bd337d7952abd1ddf19a737b94510c

    SHA256

    cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

    SHA512

    a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

    Download Submit

  • memory/768-1133-0x0000000000D70000-0x0000000000DA8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/768-296-0x000000001AA70000-0x000000001AB22000-memory.dmp

    Filesize

    712KB

    Download

  • memory/848-72-0x0000000000B60000-0x0000000000B8E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/848-76-0x0000000000BA0000-0x0000000000BAC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2108-101-0x0000000000450000-0x000000000047E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2108-109-0x0000000004A10000-0x0000000004AC2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2108-105-0x00000000004A0000-0x00000000004AC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2172-245-0x000000001AAE0000-0x000000001AB78000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2172-233-0x00000000002B0000-0x00000000002D8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2220-1242-0x0000000000E80000-0x0000000000EC2000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2220-1244-0x0000000000C40000-0x0000000000CF0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/2220-1245-0x0000000000470000-0x000000000048C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2436-313-0x00000000048D0000-0x0000000004982000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2436-309-0x0000000000390000-0x000000000039C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2436-305-0x0000000000850000-0x000000000087E000-memory.dmp

    Filesize

    184KB

    Download