Overview

overview

10

Static

static

10

SEFAZ-Sync.msi

windows7-x64

10

SEFAZ-Sync.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    11/02/2025, 10:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SEFAZ-Sync.msi

  • Size

    2.9MB

  • MD5

    9a70f71e961db28a61f88b5a401cc6b9

  • SHA1

    afc84d322954f1c543a24f354885a2a9938a9118

  • SHA256

    d86cd0522385c94d127a8a687fcde9bbfe2f025d061b050458b03a75e908a97a

  • SHA512

    b9747e78e6b03631093ac57a3bd6a7c8ab1f2ee724589db1fd9e282ef5f3be81e0499652977567f815bcf26d1f3fa3470e7b59890986ced94043b8c0d37da209

  • SSDEEP

    49152:++1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:++lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentdiscoverypersistenceprivilege_escalationrat

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 20 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 18 IoCs
  • Drops file in Windows directory 37 IoCs
  • Executes dropped EXE 3 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 35 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\SEFAZ-Sync.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2108
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 2ED0D953A2DE86DF57DBD085F3221C59
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1940
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI5295.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259478397 1 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:580
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI55A2.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259479005 5 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2424
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI7A52.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259488381 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1936
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI88F9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259492094 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1532
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 992400C4E9CAAD24E10FDC890312F727 M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2808
      • C:\Windows\syswow64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2788
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1272
      • C:\Windows\syswow64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        PID:2484
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000QGcbqIAD" /AgentId="967dee34-fdb4-4b1d-8306-b689e64bfaa0"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:1960
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2560
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000564" "0000000000000068"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1732
  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
      2⤵
      • Launches sc.exe
      PID:2404
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 967dee34-fdb4-4b1d-8306-b689e64bfaa0 "b33b11c0-153c-4782-a4ac-c201efff044d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000QGcbqIAD
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f7751ca.rbs
    Filesize

    8KB

    MD5

    47064c64a24d5837c9476fe6077db250

    SHA1

    599801fae6e8335cb1b73a9dcd3ebca1935ae60d

    SHA256

    2924b050a6ec80b042a15c74be8ef199d9caf50d991da84c5f6daaa5e936435a

    SHA512

    c166e825feb67e79c03f05ed2ade92dd5e6c2e35982dacbd4786d868a4f6503338820e4385aa5f2b78d246cdb81c167de40aff38667de32592976255c0f1299f

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    Filesize

    142KB

    MD5

    477293f80461713d51a98a24023d45e8

    SHA1

    e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

    SHA256

    a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

    SHA512

    23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
    Filesize

    1KB

    MD5

    b3bb71f9bb4de4236c26578a8fae2dcd

    SHA1

    1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

    SHA256

    e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

    SHA512

    fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
    Filesize

    210KB

    MD5

    c106df1b5b43af3b937ace19d92b42f3

    SHA1

    7670fc4b6369e3fb705200050618acaa5213637f

    SHA256

    2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

    SHA512

    616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
    Filesize

    693KB

    MD5

    2c4d25b7fbd1adfd4471052fa482af72

    SHA1

    fd6cd773d241b581e3c856f9e6cd06cb31a01407

    SHA256

    2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

    SHA512

    f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
    Filesize

    12B

    MD5

    1e065e191e89cc811ff49c96fa8fa5e6

    SHA1

    bc50ff2a20a8b83683583684fcac640a91689ed4

    SHA256

    d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

    SHA512

    5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
    Filesize

    247KB

    MD5

    aa5cf64d575b7544eefd77f256c4dc57

    SHA1

    bd23989db4f9af0aae34d032e817d802c06ca5a9

    SHA256

    79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

    SHA512

    774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
    Filesize

    546B

    MD5

    158fb7d9323c6ce69d4fce11486a40a1

    SHA1

    29ab26f5728f6ba6f0e5636bf47149bd9851f532

    SHA256

    5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

    SHA512

    7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
    Filesize

    94KB

    MD5

    c69c7690482c75a8fc70df2990d7afc6

    SHA1

    79d72d32a03151823bbf0953d5c2ce6bc2bde4b1

    SHA256

    580415595e5936d5f3945e9eeee63f6f4dbacd327aa46e2b7625b638715c27f5

    SHA512

    ed80ade3519345552ca74958efc9c122de840d2844baa08c94400f15168b6fc25377628a55ed12488ea790aaa40bc5bb77b6586de4f1ecd296902bbe36fba4f4

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
    Filesize

    688KB

    MD5

    111e2e63bccead95bb5ffc53c9282070

    SHA1

    eaae7df21e291aa089bc101b1e265ca202be1225

    SHA256

    9615fe5fe63c48b13ffd8c9bc76170a9ed1cfea6a3d0901e857a1c6c6edaea76

    SHA512

    ffc818615fb30e24633c90b8f5a55c100b5f307414ec54e5a2914bb4ea36d3fb3aa6ed0e5815976a2f6d1b7f056e7da1f108a8eed81b458decebe721ad30b920

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\log.txt
    Filesize

    23KB

    MD5

    a92029b6d8844658221a90d07534cfbb

    SHA1

    8fe314f4e20b52ec2f04148a1fb371b7f8f2e11a

    SHA256

    2f5481efe4335e319a4af0b410ecef323fec78d3eb6fe7f58ba162265ef2655f

    SHA512

    837fca66f014605fcc9a117e9d688e06551ab804db8e042144e0a1a01aad6f09ad71ed6a1fa7ee2828cf8773e8dfd693566b3131de38ee13ef09c839e7444288

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
    Filesize

    588KB

    MD5

    17d74c03b6bcbcd88b46fcc58fc79a0d

    SHA1

    bc0316e11c119806907c058d62513eb8ce32288c

    SHA256

    13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

    SHA512

    f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
    Filesize

    214B

    MD5

    550a7c80562c891fcd4e45625ede4003

    SHA1

    cfaf3f30232a3e66e051864e0a1794eb87695e4c

    SHA256

    0b07ea832e9aa07c68b35eea192ef3693b4dda6eb3fbac35844dd7e04c888c2c

    SHA512

    e514cccc80d1c428702c189f1e64e75613b751c40d34ce158c8f806c4b8a69be81dd941852a5396a9ad892f7ff67f51ab8f421f18626cbecbc719f8af498d65b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    471B

    MD5

    e242e879ac7e69a50d90b031da6dd7be

    SHA1

    664aedee6aed13e5ffb04b2e55027b62a1dca424

    SHA256

    117ea178466c2511e2a5f8aa6ba60aa395e33d47ca8a7778d7126b172b4bc7ed

    SHA512

    252515fab4dbefe9a820ce3c972a5596a017ffc94bdaec9bf1cba97debe9d516949f19936ac50a604d4f6822b0254e740dd52f53482101ae39be9a20875387b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    727B

    MD5

    17c3144b951201b5c7ba287c302e30db

    SHA1

    aae8469d67066d1def775b7e2a24de2ff312c642

    SHA256

    347c70bbd5ac08ce5107a28597033c075b518d1404703dfdc2043cc36ab56c00

    SHA512

    088550c13e80ebf16b4bb542a0a3ba1df2c9d3a98008b293accd1a1aa4019c0917bb970d8b349afd9fb365c892107251d5aea5f16d27bb18c582545ebd64a6c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    727B

    MD5

    d7909c7cd997af5e26a89920cd8b320a

    SHA1

    058e556bd3abd9b117a6a159f1f9baef60ba9bc5

    SHA256

    45c8301f0b9cd3c3a363ce79b38d3b1488eab1ab81782ec375a16101ed7e740b

    SHA512

    03c41ce3220fd87e22911ee5a4571bc374eb4f93871c39fd4419b91b4ed110cdcedb6138e652ba7d5937573bee5fa7d18346692c4be779210d31d0d50d3f0256

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    400B

    MD5

    0369e02e6fdf2762d0bee737dcffa231

    SHA1

    2a283c4e4d3515798970f1c8e98ee2ee4afd07c4

    SHA256

    23b44e6a55992c2c6074cb7f6e58893ed3d10c0d9c22e222e60a37a38d3d68f1

    SHA512

    fccab5d7dad216aec825408d65e02a77d4b6735986d65c04d037a99c41e97a9f015e3874bc3900faa7a95734a0d12221e0f55bb70b7fd8bdc123cb4f130c9723

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
    Filesize

    404B

    MD5

    792f397ebea2f4b15d920d476a5bc257

    SHA1

    20a51defd7b83fd32a92eebd5aa3d86ffa058ed8

    SHA256

    fec4cc9ea5bdca7abce3c62b14b52e37b9aaae300e8563cf1fadd28df2be3b45

    SHA512

    b6c7f05ef733bb0e6971cd27c85ced85345f2faa359df20b7b2ee7756858bd44c564d0872afeb5f7c686436cfc6e9689fdbc3a1f70d26b28b4bd51a08e61c5fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b327d17a08bff752c91f2f0740322d35

    SHA1

    c02fb62e606d9278f77b9a95ffbda1c8d997d5ee

    SHA256

    595d8b01e132e6e39b8522c8c07d11bf37008c19f23c21e320a16807c4879248

    SHA512

    8523d047d10162e6696ae4829bd49846b26a37fcb3063831c86915d8f1df236d816e58f10f62617927f9dee109504542d0f0e3e08dd1aa36def528be9c881936

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1e8c6d9480eca88fc37db21191849e7

    SHA1

    2c0eb4d36dd72986e525442921681a8b77213200

    SHA256

    ffd38cf8474b5485aee8b97d0139d80bb3c6218d6c52d58394e3cebee1149275

    SHA512

    2080f43b63b6c0513f70638bb4e5512f198fdd2c8b5ac44286f1df61ecf61aa00ecdb139974fa4e7b4d8b3dec29e50ca6e400e2b55ec616f076bce56b59d2199

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    412B

    MD5

    4609df6403e65066063aabe3875ed8b2

    SHA1

    626837794f0fb108f1655afd3e1c258ed9230086

    SHA256

    8a43d50ae251a8a50352cd6174d87d1449c8c766fa464c5325939007811595c5

    SHA512

    efe6e2e182bf28ad83d9ee842270417aad4d47fd2bfb3b779279f6eed4bf33c7f94e2a26fe4c8fde0756f6727272acaef7303af048074163065ca46f3281e7d6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1F65.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2C43.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\Installer\MSI5295.tmp
    Filesize

    509KB

    MD5

    88d29734f37bdcffd202eafcdd082f9d

    SHA1

    823b40d05a1cab06b857ed87451bf683fdd56a5e

    SHA256

    87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

    SHA512

    1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

    Download Submit

  • C:\Windows\Installer\MSI55A2.tmp-\CustomAction.config
    Filesize

    1KB

    MD5

    bc17e956cde8dd5425f2b2a68ed919f8

    SHA1

    5e3736331e9e2f6bf851e3355f31006ccd8caa99

    SHA256

    e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

    SHA512

    02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

    Download Submit

  • C:\Windows\Installer\MSI7BAB.tmp
    Filesize

    211KB

    MD5

    a3ae5d86ecf38db9427359ea37a5f646

    SHA1

    eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

    SHA256

    c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

    SHA512

    96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

    Download Submit

  • C:\Windows\Installer\f7751c8.msi
    Filesize

    2.9MB

    MD5

    9a70f71e961db28a61f88b5a401cc6b9

    SHA1

    afc84d322954f1c543a24f354885a2a9938a9118

    SHA256

    d86cd0522385c94d127a8a687fcde9bbfe2f025d061b050458b03a75e908a97a

    SHA512

    b9747e78e6b03631093ac57a3bd6a7c8ab1f2ee724589db1fd9e282ef5f3be81e0499652977567f815bcf26d1f3fa3470e7b59890986ced94043b8c0d37da209

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
    Filesize

    230B

    MD5

    66e55619d2e9a04e4a61e2dbfa324b22

    SHA1

    88a9a6ef4f036ae7758548435f37d7d41c8ec9ad

    SHA256

    d879e95c43f9c4ed0bb349fd38e9e4bc184004f73849b819e0103987b8bb20b1

    SHA512

    9585ce7af201b0864a80683336450bdf79751ea76f5c5801c826fc08f8cf76105dd4a816982f96a58ae226ff277cedebdb4ce826f66e5178e4f0487113bed250

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f0851a39e27079a715759b0665e330c

    SHA1

    7903125ef5f6b6cbda57a9ce4a85595f4972565f

    SHA256

    1b02a29ff605fe813fa4ad1ed9cf38f901e72a3b795bd7a5d6f27ea09e6e0d2b

    SHA512

    5967c7bf4eebe8e5cf11ce75c4b000822cb998940b6b4a37432d749928a9fd70c9452079efc2db8a04fcddacdd2cc9861d7b596fcf169a75e427d3dfeb00698b

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c7f4ccbbb72d1f222e6c61732fcf04fa

    SHA1

    eb7aec2225e3b07099fdb06e40e8ebf0a7f181ff

    SHA256

    3d7325405e50993b24cab30b2d18ceddd6054d1b3c590aaaac7b3b970f2562cf

    SHA512

    4dc17e484143a35ce7ed5117d9d2e192b080264c7c3c75f2041f60528606321b16c29b91520af81f1efb60f26343ccf549220c4b337cb611f3bf78401c5ac52d

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0182e7158fb10fd636d11e0016a378ae

    SHA1

    df745edb4e64c3e0ce97bc96f63cad4fa745fd4b

    SHA256

    0bb5f9e2d5274038492a27d62ccda7f91dbb1400dca4fa97de4932c69a96fa50

    SHA512

    11c05fa094ef995fdfe35b1a479144ba2d6972bc1e22cfc74cca65a410aacb0a51fc1c4b798468aef37acace5d2ded29e4569de0926f12f95f3ce17f5dc44e89

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4287aa2e50350bf9769a0edbfffda7fe

    SHA1

    8629ec5497c4eb61c1978a0b367cc985efb2e839

    SHA256

    718bc95ddc4ce78fdde25072faac13297f77dcbb887f46be5b9a7928efbeffcb

    SHA512

    6ca67155d18815e8316a6416440f5ad5ee4543617092a87fbfc05172732c167b87c8f3c530a6b2489fb1c38fc53f73a7c057556dde71e3644425eebb213a4653

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1d45c9d5e970d2edeb3ab87f740dcd1

    SHA1

    e71ef92ad1e4d988a54f35c76a1194ad10e77060

    SHA256

    f67992e27bf78e8ca1aade9701c2c3e3cfb12cdc92217e31f3e0b778095e3403

    SHA512

    837ef74fe625b1669520d85282e8f0b2019d72423e043ee7f5e29adc450c8bd9ed93685b63c7c52ba5a6269dd32cdf255f8488e1c04ebe392eae3aac3577d133

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c70102da93daf2ce7b55daf9d151f28a

    SHA1

    e004002c1b01d484b13cfa63ec789afec57400d4

    SHA256

    8c758b134b444d0a877828ced65d001c2d6551b6ab4362a58c2c61af58923015

    SHA512

    5e45451986975d9c4f4664da69032e0b9843a3166db742d76a6cdd667358833bea91b1a40ad7d81f5097d0f66f2acbd3a8f7a43a81b0b743fe0878510524dca9

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16503200857556db2c2a83386819c51b

    SHA1

    ef92dd6b3c5ab61c473bab62ddd1278c3d13c756

    SHA256

    ff345be039e636fcded7ec1eed3c5d1ec49182c8ab0553f05ed9a5f2cc13a9e4

    SHA512

    d66f2b13327a27a2443d4efad1c3855536f5db1872eb669942963d3137c3b23c167c75172b47603bc7be5f0c91b24da53f256e32127e4364122870cdd0f0922d

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06a63a7c5570976557de4380e36a4204

    SHA1

    bfb4525c126c2ad30c4bdc0a102ff84bcddf6912

    SHA256

    03130d9b2a197358c429a70e200af3ac0e9a3cb11efa3bd651bd965c92f331cd

    SHA512

    3653d4d2dd002d22dac320855cdbdb82d6ada754c1569598b09142ea0da97a125d96edcb1d27e5b159059d5a30bd241353dffaf3be4fd43f3d71918c4ffb256c

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    949d7b0c2700b6dd593f5e8c6c7f7bb5

    SHA1

    1e2ead6c4bb883800c907f9591e8a21771067686

    SHA256

    134f2e4998e4a8ddfb5e1330e0f7e13ba3b0fbdeaf83b8bdff9acca78e830ae6

    SHA512

    3b4647d7672fc2972e0bac34375ed8f9dc2f911e836b5d84af6f747282ddebf2ae38a62f37cb450648d4dfd6dc30e8524394d25cf9259551a898ccac513317cf

    Download Submit

  • C:\Windows\Temp\Cab9695.tmp
    Filesize

    29KB

    MD5

    d59a6b36c5a94916241a3ead50222b6f

    SHA1

    e274e9486d318c383bc4b9812844ba56f0cff3c6

    SHA256

    a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

    SHA512

    17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

    Download Submit

  • C:\Windows\Temp\Tar96A7.tmp
    Filesize

    81KB

    MD5

    b13f51572f55a2d31ed9f266d581e9ea

    SHA1

    7eef3111b878e159e520f34410ad87adecf0ca92

    SHA256

    725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

    SHA512

    f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

    Download Submit

  • \Windows\Installer\MSI5295.tmp-\AlphaControlAgentInstallation.dll
    Filesize

    25KB

    MD5

    aa1b9c5c685173fad2dabebeb3171f01

    SHA1

    ed756b1760e563ce888276ff248c734b7dd851fb

    SHA256

    e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

    SHA512

    d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

    Download Submit

  • \Windows\Installer\MSI5295.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Filesize

    179KB

    MD5

    1a5caea6734fdd07caa514c3f3fb75da

    SHA1

    f070ac0d91bd337d7952abd1ddf19a737b94510c

    SHA256

    cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

    SHA512

    a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

    Download Submit

  • \Windows\Installer\MSI55A2.tmp-\Newtonsoft.Json.dll
    Filesize

    695KB

    MD5

    715a1fbee4665e99e859eda667fe8034

    SHA1

    e13c6e4210043c4976dcdc447ea2b32854f70cc6

    SHA256

    c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

    SHA512

    bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

    Download Submit

  • memory/580-72-0x0000000000440000-0x000000000046E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/580-76-0x0000000000480000-0x000000000048C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/592-1060-0x0000000000DF0000-0x0000000000EA0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/592-1057-0x0000000000170000-0x00000000001B2000-memory.dmp

    Filesize

    264KB

    Download

  • memory/592-1062-0x0000000000440000-0x000000000045C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1532-313-0x00000000049C0000-0x0000000004A72000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1532-305-0x0000000000A40000-0x0000000000A6E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1532-309-0x00000000008A0000-0x00000000008AC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1896-962-0x0000000000D00000-0x0000000000D38000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1896-300-0x0000000000DD0000-0x0000000000E82000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1960-233-0x0000000000330000-0x0000000000358000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1960-245-0x00000000022A0000-0x0000000002338000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2424-109-0x0000000004C80000-0x0000000004D32000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2424-105-0x0000000002150000-0x000000000215C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2424-101-0x00000000023C0000-0x00000000023EE000-memory.dmp

    Filesize

    184KB

    Download