Overview

overview

10

Static

static

10

NF-572.msi

windows7-x64

10

NF-572.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20250207-en
  • resource tags

    arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
  • submitted
    13/02/2025, 15:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NF-572.msi

  • Size

    2.9MB

  • MD5

    e8b1181705de08e000d887191f399a06

  • SHA1

    1b9db77f4cc5d42bcab04cf6af2ca2069b7754e8

  • SHA256

    a6b86df4bdf042ad8fd4b5662d93b0359bb3e2f747081f7ca31408d5d9e4bda7

  • SHA512

    4f9901b316554d92a1f1d3e79ad860207ff36d226f09d780e89e1104f4b74e4fce6d452e963ff4a75f2c52216f0ab08a828caa2e016e7cae221ce0706ebde82c

  • SSDEEP

    49152:t+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:t+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentdiscoverypersistenceprivilege_escalationrat

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 20 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 18 IoCs
  • Drops file in Windows directory 37 IoCs
  • Executes dropped EXE 3 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 35 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 22 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\NF-572.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2484
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding ADA5A04D86C08681DC49DC4681B039A4
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1248
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI1641.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259462890 1 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1228
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI1A28.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259463811 5 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2160
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI64CF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259482905 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2172
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI72FA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259486447 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1304
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding DBD933D02E18D7B263DB27819556F55F M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Windows\syswow64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1108
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2744
      • C:\Windows\syswow64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        PID:2884
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000QLiNHIA1" /AgentId="8158a8bc-8c46-4c49-982a-b86ffec29f0c"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:296
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2876
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000002A8" "0000000000000498"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1692
  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2464
    • C:\Windows\System32\sc.exe
      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
      2⤵
      • Launches sc.exe
      PID:2308
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 8158a8bc-8c46-4c49-982a-b86ffec29f0c "78d3650e-c71c-4221-9d40-b3e747c4ad1d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000QLiNHIA1
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:2236

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f7715b4.rbs
    Filesize

    8KB

    MD5

    61025655bbd71714ff933bb3ca6d691e

    SHA1

    ad61399063896ae455ef9595092117341e40c079

    SHA256

    cafcdab9a90efcc5eac693c8448146d4a56a13555640f686342ea10b5077b4c5

    SHA512

    1378af93f4d428072ca847932eb7abfaf366967cf48f33b6ad7768c296df94ba325596b2e0cf6a33f2b85974cd816f2fc651abe48beaf0c11ee2ae6ac7ef7b2d

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
    Filesize

    142KB

    MD5

    477293f80461713d51a98a24023d45e8

    SHA1

    e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

    SHA256

    a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

    SHA512

    23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
    Filesize

    1KB

    MD5

    b3bb71f9bb4de4236c26578a8fae2dcd

    SHA1

    1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

    SHA256

    e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

    SHA512

    fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
    Filesize

    210KB

    MD5

    c106df1b5b43af3b937ace19d92b42f3

    SHA1

    7670fc4b6369e3fb705200050618acaa5213637f

    SHA256

    2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

    SHA512

    616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
    Filesize

    693KB

    MD5

    2c4d25b7fbd1adfd4471052fa482af72

    SHA1

    fd6cd773d241b581e3c856f9e6cd06cb31a01407

    SHA256

    2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

    SHA512

    f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
    Filesize

    12B

    MD5

    1e065e191e89cc811ff49c96fa8fa5e6

    SHA1

    bc50ff2a20a8b83683583684fcac640a91689ed4

    SHA256

    d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

    SHA512

    5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
    Filesize

    247KB

    MD5

    aa5cf64d575b7544eefd77f256c4dc57

    SHA1

    bd23989db4f9af0aae34d032e817d802c06ca5a9

    SHA256

    79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

    SHA512

    774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
    Filesize

    546B

    MD5

    158fb7d9323c6ce69d4fce11486a40a1

    SHA1

    29ab26f5728f6ba6f0e5636bf47149bd9851f532

    SHA256

    5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

    SHA512

    7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
    Filesize

    588KB

    MD5

    17d74c03b6bcbcd88b46fcc58fc79a0d

    SHA1

    bc0316e11c119806907c058d62513eb8ce32288c

    SHA256

    13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

    SHA512

    f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

    Download Submit

  • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
    Filesize

    216B

    MD5

    3304c2b1c014bb5e8950f106c656ca5e

    SHA1

    c1f41b2db93556283515183b14c6e023192b3a4c

    SHA256

    36969ea055ea9d2c8f2fd95501351e53e39f08b59e65f223c2a8ac8879afa92e

    SHA512

    c7496e76036c4502fe68a73916c6e42939009f41b5b986c108b21c2c0b7b701f53356629dc01548ca4f5a5ce637d4c6e67d105273b4b5691193c3196ce6d46a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    471B

    MD5

    8720bce124017994e24f8e54df11d750

    SHA1

    0a5a8e69947ab9958db88492527da622646358c2

    SHA256

    ce82485bd75497deaffa9bc0522c30ceff79dae0fb8d1e5cdae08103495ce885

    SHA512

    f36b68a78fa072cdf9e712a63baa152cb9fcfdaef36d2dce7c65d9d5d3fb748c957439357156f72ce885ae0cd4cb2ca60c71c6d1f85f2c69043336e17ae48933

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
    Filesize

    727B

    MD5

    ff4bea733300a11e3e608f049fe3d1be

    SHA1

    f30f2cb00f0c4f42ce560aba80fe896bfb410e31

    SHA256

    4aa049e2d89cd8ba71f721f30482b808cf1045c40eae743df2c3bc56ecc252db

    SHA512

    aaa1d2c698e26fa077952d4ce6899dd80cab612bfd41947e2e778742c5dc0e63f197f8be5f5834072e8f675922f9e642a8126e89b59b5cb566f13b39322845aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    727B

    MD5

    cce892547d8f789a6499edb004830647

    SHA1

    0a9922ae4a61e969add17ed20020047781c34d71

    SHA256

    51b4d2f5fb0e185f3aee601c4d0d47073803d188856885d6ade3ad70595278ed

    SHA512

    f63cb605c9054198f7b267826dcb393b2c9f18b3d35113c1c3d844f42db1e1d5e1d121b728d0e48548207e3dc232c2a8f669a10f42bda2961477247db69859ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    400B

    MD5

    f10b2ec01ff1f8fc1dcdb56da5918e97

    SHA1

    39de4ffd1ddd4fadfc106ef8ef670dab6a325d8b

    SHA256

    4211d7fe4f70aa19519c744be68715cfbec18c3323f97a7b7b92cdb47ea6d1be

    SHA512

    3007ee49ac4e28dd37f8ebf849e4a338ca1867af1bb9c2ec5a4f1de0ecdd746bee00414d613d1773f250afe1efc8a7ea1a490db6d8960bd2b88791458071b9f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
    Filesize

    412B

    MD5

    906a6fcb5e25b2310488b1a2fb9f3505

    SHA1

    17b68206891aef0efdcc7d1e09326fd8c63b41a1

    SHA256

    215d8aaa0bd053144f17e8a9c96eae8986d5e10152e47b701ada94b3cdd8a304

    SHA512

    ad8410c1182ee405491cd9ee1e9e0a809fefb0bc30b47f01543db9f7eae2210ffd77a0d27e3dbda3758dece8a61662ea3ad055e178102ea3fc681e9971723c25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41a96135bfe5e76c6614048589775e1f

    SHA1

    541b82e555dfb6a22a55fb99d2438c2877865d3c

    SHA256

    f62c8482b19ac7e7b0cb5385edbede15c4c833e52a17f9789c7daed26f095858

    SHA512

    d0e43e8effc17bf702ac09fcaf30a1ef5100a58d1d6f7e6a8549786b616a6adb8acef038073440ff0ef512d377baf286a9d321347aa8321d51cabb28b7d6cb3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    412B

    MD5

    59c8f6dd141f05531a5bc9b750c78fcd

    SHA1

    aa05bf875b4920ef4fa2132a5967b940904134b3

    SHA256

    704d60419afd9d1ed433e748c9e34493782af3a948512cf4bcdfbd07d0379ff9

    SHA512

    f5c8015e90b637602fd434b088f359b72b61275c98cb09849fa652b0f635cfc9672b2f3bf750a0e153381e9172cfb11987b2245f3c5966719e5986072aab3a31

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE208.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEB4E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\Installer\MSI1641.tmp
    Filesize

    509KB

    MD5

    88d29734f37bdcffd202eafcdd082f9d

    SHA1

    823b40d05a1cab06b857ed87451bf683fdd56a5e

    SHA256

    87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

    SHA512

    1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

    Download Submit

  • C:\Windows\Installer\MSI1A28.tmp-\CustomAction.config
    Filesize

    1KB

    MD5

    bc17e956cde8dd5425f2b2a68ed919f8

    SHA1

    5e3736331e9e2f6bf851e3355f31006ccd8caa99

    SHA256

    e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

    SHA512

    02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

    Download Submit

  • C:\Windows\Installer\MSI66C5.tmp
    Filesize

    211KB

    MD5

    a3ae5d86ecf38db9427359ea37a5f646

    SHA1

    eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

    SHA256

    c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

    SHA512

    96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

    Download Submit

  • C:\Windows\Installer\f7715b2.msi
    Filesize

    2.9MB

    MD5

    e8b1181705de08e000d887191f399a06

    SHA1

    1b9db77f4cc5d42bcab04cf6af2ca2069b7754e8

    SHA256

    a6b86df4bdf042ad8fd4b5662d93b0359bb3e2f747081f7ca31408d5d9e4bda7

    SHA512

    4f9901b316554d92a1f1d3e79ad860207ff36d226f09d780e89e1104f4b74e4fce6d452e963ff4a75f2c52216f0ab08a828caa2e016e7cae221ce0706ebde82c

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f59ba4dc742cbff2882a4354f4c66a9e

    SHA1

    1aca9c968a4a9069bdd29bb1d5af534adcef1430

    SHA256

    885a32a5bafc6b8e5cac93d85e34bb334ecee5d02aa15d048c8cb49f9e01b13f

    SHA512

    bdd370d01ccd7db1928af1aa92eb7047c26b87e15730c6837a873d58ffec805f5d132ae2acfb478b760da818690846b64413d4a85e9d4139f644a6630310a33b

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e8e182588348cd20e241f848da06d4f

    SHA1

    35ab0bbf54987202f7402d949f62b9d1a7886fdd

    SHA256

    c6b40a743e3f706467fd574ff10bf8feaf97772ac8b426223b01be28234c92a2

    SHA512

    c114e90067fe3405a7d250ded3b9f457da89a7d76569f81f5a3921e4168edd3799be00ea48649548ae4839264506f6c61a7e72592b009eaf46d8d297b6aa8e33

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ad33640df629e3e6a8f5465658642b7

    SHA1

    443375dc513247b88fff473ea687c23cbf63de1f

    SHA256

    8d16358e3b4cc91b57ad3861b628e55882e6afcd418e9a805e9f979f0ba059b4

    SHA512

    4613df4e8b9a4ee77af3764ee1446f877dff600df1dbfd5b993277b77af9ff468c0f19dd97e73f2606c8a0b93765613a3d9029b23f95aa44bd34a92a15a5b6fe

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1e059b29c2cb065344db001bebf962d

    SHA1

    dbb036169b544d50adc818b680f1db0010aeda26

    SHA256

    d546cd7fd0a24b2cae23763cdb9dc391238da9772729f9baf439d68c716c5e1f

    SHA512

    f0aaee7c1b4635a86f79395bddc19e955a76226e1047536e05df1b3dc98be20b6c777b721dc46d612329ce124b1ff7b35dfdf57aead208cc15f8a51b5079fdda

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4725024479334916c2c9423b988d9eca

    SHA1

    c71676bab71656ccb63d815ef7d0ab7c3b79327f

    SHA256

    507519c41d2548d0332d8605078f84cc5ec879fe0a3c05bcff0a5816f8e079a3

    SHA512

    c1322ce5acabc880173e85a2498775e6190a7aee50e6aa31b97db63cd466dfa9c7aceb4f27c53d80977259785dacb7667ca7c0ac36b9b1be1f977882c531342c

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc8e083686b81dd307d80af63ec21c68

    SHA1

    29bce2155e27a337a3a94a0baff3b73446c4379a

    SHA256

    42b75d49962b16af936d7d2998f257112b8641b02a399f26fbff24b6f5c18fcc

    SHA512

    66434cf5385f227dc178d8874cebd8ceab75f26247c7e84ed4ef2ef2298391815a58a00fc2177cad1e82c9d3059e457c7e07c31a6318d812ae63152c2d365076

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba52835a784117974105daf61c90fc8d

    SHA1

    75be3477acd097d0e9a795cf94e0fcd26706962b

    SHA256

    8eb2846d165141d63426548149c09bd375cec3e5c9aadf858247b7707f8482ac

    SHA512

    20e0d38b2dd4449aedd5487a464d1722c3bdcebaa81d1558804499e9289c6d5eee664ac339322e8117c9d7d8117465fa81c27116376e89614805daad13de7d60

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a6fa8b747b2515b8bee11291ed07a76

    SHA1

    1ff2cdea5f41f22790a33415f5e567a503ee71fa

    SHA256

    dbbcbe555aa43c06410ef2cd306a609958355fea20347cb46a6e168cc89c4e38

    SHA512

    5c8d3d8d37d3831cef8877303d6be1c65dd3e1c015a4a400bee59d25c6682a83ce1a1171c8006b5205f35afbb309a4a725b2d3b76b50aaad6ce28abcc261033d

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    409b220ae9ca06479f9d8fd82ea6aa69

    SHA1

    d88065e86778d1418ff883418cf56cbebb57ed6b

    SHA256

    5233b17f12d0f838809212d047b5e6b28a865291503e7ee2e3e75f6f458365b9

    SHA512

    49f81e7f43c45acc29d6afad8aa4bc49e52fb2c0f410e0fdedacb342f795c2ae3879e217b3aafe3d3c4f789385d93aed31168488b551eb61206d52f7d0d9c212

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95ca44c9c7df74f0838f0586716c971a

    SHA1

    39258cab09176e79eb58e743350c735ffd0dce83

    SHA256

    22ff42ba23e739b9ba4a2447e0bbd80095daab24a3d72cd4cc8e172d2b403c26

    SHA512

    2f9b431bdd08766096fc1b5fe346c473690f5d6b2276a5e6dcf53867ce894f1e4d9744762c3698efe4470d5e43dd712eb9752b4f6f8d9b27f7c49a0290fa467c

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ad23e37a0cbcd227a8d949704ca4da4

    SHA1

    9b2c721b1d59f83dec136ffdfc8f2113d442a806

    SHA256

    98794f50312f817dc0852a2832b1a303887072242112175a0b734dba0d42a591

    SHA512

    d2e55a6616230020d827ff4a8c23668cc83bcbc366544ad8764ae723a7e9653e42d80c04e150c56b679bf9205f535f6a469b0fc2f82f27d8bf45eac39eb1d4fe

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4288ca80b5084e39480d3920ae42009b

    SHA1

    9d7f251dd6d041479888c0641bbb2c94cfc32010

    SHA256

    c6f84b3d61a56c8807c9ab77706ce8a935306135821bca84dddc93de30b07b02

    SHA512

    01c03fcd6cc3758064f3072ee758c8b9f08c7a724f915ced8618024d6b182599aca9e791e5c787980bae7998dc6e85f38c75626c63f7a63733898d2161ddd829

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    265b133b3793c93ac1a359a53e0283c6

    SHA1

    fbc55ef0825eee70734fb12d8c0cc6c1f045d35c

    SHA256

    2a2839d6b797ea9514adcf9cb953b2046849f32eee032526fee62a403eeb391b

    SHA512

    61f926c190886ff115b7e169d09887a021dd380a36c7ae6d218fe837ce9c20d5ac153d4cb9a7f18eba752d12ce221e5d175dc08cb6da76f6f63b454d832ada35

    Download Submit

  • C:\Windows\Temp\Cab843D.tmp
    Filesize

    29KB

    MD5

    d59a6b36c5a94916241a3ead50222b6f

    SHA1

    e274e9486d318c383bc4b9812844ba56f0cff3c6

    SHA256

    a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

    SHA512

    17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

    Download Submit

  • C:\Windows\Temp\Tar846F.tmp
    Filesize

    81KB

    MD5

    b13f51572f55a2d31ed9f266d581e9ea

    SHA1

    7eef3111b878e159e520f34410ad87adecf0ca92

    SHA256

    725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

    SHA512

    f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

    Download Submit

  • \Windows\Installer\MSI1641.tmp-\AlphaControlAgentInstallation.dll
    Filesize

    25KB

    MD5

    aa1b9c5c685173fad2dabebeb3171f01

    SHA1

    ed756b1760e563ce888276ff248c734b7dd851fb

    SHA256

    e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

    SHA512

    d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

    Download Submit

  • \Windows\Installer\MSI1641.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Filesize

    179KB

    MD5

    1a5caea6734fdd07caa514c3f3fb75da

    SHA1

    f070ac0d91bd337d7952abd1ddf19a737b94510c

    SHA256

    cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

    SHA512

    a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

    Download Submit

  • \Windows\Installer\MSI1A28.tmp-\Newtonsoft.Json.dll
    Filesize

    695KB

    MD5

    715a1fbee4665e99e859eda667fe8034

    SHA1

    e13c6e4210043c4976dcdc447ea2b32854f70cc6

    SHA256

    c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

    SHA512

    bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

    Download Submit

  • memory/296-215-0x000000001AE70000-0x000000001AF08000-memory.dmp

    Filesize

    608KB

    Download

  • memory/296-203-0x0000000000E00000-0x0000000000E28000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1228-76-0x0000000001FC0000-0x0000000001FCC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1228-72-0x0000000000520000-0x000000000054E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1304-283-0x0000000004850000-0x0000000004902000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1304-279-0x00000000004E0000-0x00000000004EC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1304-275-0x0000000000330000-0x000000000035E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2160-105-0x00000000003D0000-0x00000000003DC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2160-101-0x0000000000350000-0x000000000037E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2160-109-0x0000000004C90000-0x0000000004D42000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2236-2086-0x00000000012D0000-0x0000000001312000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2236-2088-0x00000000003C0000-0x0000000000470000-memory.dmp

    Filesize

    704KB

    Download

  • memory/2236-2089-0x0000000000170000-0x000000000018C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2464-266-0x0000000019450000-0x0000000019502000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2464-1928-0x0000000019E90000-0x0000000019EC8000-memory.dmp

    Filesize

    224KB

    Download