Windows Analysis Report
2cFFfHDG7D.msi

Overview

General Information

Sample name:	2cFFfHDG7D.msi renamed because original name is a hash value
Original sample name:	af6d4ffcaf5d3dab814d16429cb76754.msi
Analysis ID:	1467118
MD5:	af6d4ffcaf5d3dab814d16429cb76754
SHA1:	04224ab9da82d078d5b9e48589c56e9bde707fcf
SHA256:	55af6a90ac8863f27b3fcaa416a0f1e4ff02fb42aa46a7274c6b76aa000aacc2
Tags:	msiMuddyWaterTA450
Infos:

Detection

AteraAgent

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected AteraAgent

AI detected suspicious sample

Creates files in the system32 config directory

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Reads the Security eventlog

Reads the System eventlog

Yara detected Generic Downloader

Adds / modifies Windows certificates

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for available system drives (often done to infect USB drives)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops certificate files (DER)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Stores large binary data to the registry

Uses code obfuscation techniques (call, push, ret)

Uses net.exe to stop services

Uses taskkill to terminate processes

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

ReversingLabs: Detection: 18%

Multi AV Scanner detection for submitted file

Source: 2cFFfHDG7D.msi

ReversingLabs: Detection: 23%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.0% probability

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog			Jump to behavior

Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.165.136.99:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49930 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49932 version: TLS 1.2

Source:	Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.13.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.1.dr
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.1.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000C.00000002.1814443901.000001E1D0672000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.1.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000C.00000002.1814443901.000001E1D0672000.00000002.00000001.01000000.00000011.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, Pubnub.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, 56f4b0.msi.1.dr, MSID78.tmp.1.dr, MSI27EA.tmp.1.dr, MSIF924.tmp.1.dr, MSIF644.tmp.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, MSIFFB.tmp.1.dr
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
Source:	Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
Source:	Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B411A44h	12_2_00007FFD9B411895
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B411FFFh	12_2_00007FFD9B411895
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B411FFFh	12_2_00007FFD9B411EB6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B411FFFh	12_2_00007FFD9B411EA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B411FFFh	12_2_00007FFD9B411E7E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B411873h	12_2_00007FFD9B410C89
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B41227Bh	12_2_00007FFD9B410C89
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B404ECBh	13_2_00007FFD9B404E5C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B62680Eh	13_2_00007FFD9B626755
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B626CECh	13_2_00007FFD9B626922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then dec eax	13_2_00007FFD9B626663
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B6265F3h	13_2_00007FFD9B6265DD

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 20.0.AgentPackageAgentInformation.exe.169f6680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4268a400-66a4-4a60-8ada-3d40a293c400&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0eb26796-307c-4e44-aa88-dac711ca4da1&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ceac7b8a-d06f-46f6-b40d-723d7f8ecc6e&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3223849c-8c48-4b98-a40e-e3dd7f3726a2&tr=43&tt=17200236621884071&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/36.7/AgentPackageAgentInformation.zip?yxq+fCr1/sCV4kS8o/HVmHx/dgGVV270VK3QOQFoBjo5F8FfGf1KSAqUEXmoaJqt HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8a73a0d7-bb19-4916-959c-ca27c4baf748&tr=43&tt=17200236642292064&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=22cf76d8-ac1d-4e8c-a645-ddf02c4a5363&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=357c8023-d06f-43c6-af75-ff9276fa6312&tr=43&tt=17200236682775915&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6108e17e-e70c-47ee-93a9-dff9a3c5dc87&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=272b312b-8cbb-4ed4-bd82-1f2dd3cf8d11&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=02fdafa7-0cbf-4d21-9e7c-2644b1b8a69d&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01817154-5258-48a3-85c0-e83f589a219b&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=644afada-5df7-4de5-b444-b1d3402ba380&tr=43&tt=17200237221481014&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6e72782c-04f9-4b3f-b04c-e2bcfd8dec88&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=40aa23c2-5df2-4df3-a659-4fa85cdec74a&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8c864d9a-ab98-41ba-aa3b-cc8bfbb46040&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=fc3fa390-dd57-497e-a9ea-94acf3fd13aa&tr=43&tt=17200237287764896&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=28c02dc8-fc10-46f4-9892-4dca60ee91e7&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=31d30483-1276-494b-8626-3e162b57285f&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=dbb4b35f-5f78-4ab4-bdd1-d6b922caff40&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=23953f87-3c94-4d9a-b977-4822589fc3f4&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9d6606e1-8f57-49c5-9ab0-2ca887e76ed8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e3c1bb87-134a-4b79-9350-4fcf40025dd1&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5284cc2c-6255-40ac-a5e3-fbd09bfcbf48&tr=41&tt=17200237441191360&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c089a5f6-aacc-464d-ba59-69fd86253ba9&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=be598775-daec-44be-852d-698fb405c4ff&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e6094e12-9fa8-4d26-aa06-4e8fb7a4009c&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3da9111c-aaa7-4e08-ba06-01a1cd672c2b&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ad2ddba0-edbb-429e-9340-5807bd34a581&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=1408e3ed-857e-4623-a748-09006bf71303&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ca60d9f-75c2-4d80-a8a7-b05f671b9e42&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=04b28964-6ef0-4a42-97e9-de0d1f8969f6&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=59ddd6fa-ec59-4c28-92e6-b21af451dd77&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=24efe0cb-37e4-4030-8040-96cc03619cbf&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=712442ef-230d-4277-b641-1839d4d8d808&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9adb2664-b18c-43f3-856f-5709e73f6369&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f70c64fb-bd8c-4b68-8d78-3a86a80f0fd6&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=139b731a-b591-4698-bfee-48cc028559cd&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=800f1992-a163-4e95-be3a-8d7dd58c0f05&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01dd44b0-5151-4864-a34b-b47d9fe01029&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=eacad4ff-a252-4743-af8e-8338583503dc&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=49462288-5478-4372-9693-b47681abf7af&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8ba7937-4d26-44cf-99ef-80b433702404&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e8b5af52-42a9-47e1-bdc7-0d69fb53c145&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8a35289a-c57c-4499-bfaf-3530f6d376e0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c2080080-bc76-4491-ab59-0a0eabfe07a8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f6a6f9e-92dd-416b-bb7d-5bf345e8ea10&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b4930227-1a65-4e53-bbd5-48fb14f079bb&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=580032ce-f9f4-4e21-acd4-6e1ccc580200&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d20451e7-16e9-46dc-ae34-697bd2a310ef&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7232c231-fbd8-40c5-9fd4-a6b3ac2c95bc&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6d71671f-ff3a-4b21-bbc6-dec364cbbb66&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ccd8b767-ce84-425a-a6fc-e1d295ece179&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=12b69830-20e9-4eb2-bbe8-e1a13e0b11f8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 35.157.63.229 35.157.63.229

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4268a400-66a4-4a60-8ada-3d40a293c400&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0eb26796-307c-4e44-aa88-dac711ca4da1&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ceac7b8a-d06f-46f6-b40d-723d7f8ecc6e&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3223849c-8c48-4b98-a40e-e3dd7f3726a2&tr=43&tt=17200236621884071&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/36.7/AgentPackageAgentInformation.zip?yxq+fCr1/sCV4kS8o/HVmHx/dgGVV270VK3QOQFoBjo5F8FfGf1KSAqUEXmoaJqt HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8a73a0d7-bb19-4916-959c-ca27c4baf748&tr=43&tt=17200236642292064&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=22cf76d8-ac1d-4e8c-a645-ddf02c4a5363&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=357c8023-d06f-43c6-af75-ff9276fa6312&tr=43&tt=17200236682775915&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6108e17e-e70c-47ee-93a9-dff9a3c5dc87&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=272b312b-8cbb-4ed4-bd82-1f2dd3cf8d11&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=02fdafa7-0cbf-4d21-9e7c-2644b1b8a69d&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01817154-5258-48a3-85c0-e83f589a219b&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=644afada-5df7-4de5-b444-b1d3402ba380&tr=43&tt=17200237221481014&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6e72782c-04f9-4b3f-b04c-e2bcfd8dec88&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=40aa23c2-5df2-4df3-a659-4fa85cdec74a&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8c864d9a-ab98-41ba-aa3b-cc8bfbb46040&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=fc3fa390-dd57-497e-a9ea-94acf3fd13aa&tr=43&tt=17200237287764896&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=28c02dc8-fc10-46f4-9892-4dca60ee91e7&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=31d30483-1276-494b-8626-3e162b57285f&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=dbb4b35f-5f78-4ab4-bdd1-d6b922caff40&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=23953f87-3c94-4d9a-b977-4822589fc3f4&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9d6606e1-8f57-49c5-9ab0-2ca887e76ed8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e3c1bb87-134a-4b79-9350-4fcf40025dd1&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5284cc2c-6255-40ac-a5e3-fbd09bfcbf48&tr=41&tt=17200237441191360&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c089a5f6-aacc-464d-ba59-69fd86253ba9&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=be598775-daec-44be-852d-698fb405c4ff&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e6094e12-9fa8-4d26-aa06-4e8fb7a4009c&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3da9111c-aaa7-4e08-ba06-01a1cd672c2b&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ad2ddba0-edbb-429e-9340-5807bd34a581&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=1408e3ed-857e-4623-a748-09006bf71303&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ca60d9f-75c2-4d80-a8a7-b05f671b9e42&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=04b28964-6ef0-4a42-97e9-de0d1f8969f6&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=59ddd6fa-ec59-4c28-92e6-b21af451dd77&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=24efe0cb-37e4-4030-8040-96cc03619cbf&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=712442ef-230d-4277-b641-1839d4d8d808&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9adb2664-b18c-43f3-856f-5709e73f6369&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f70c64fb-bd8c-4b68-8d78-3a86a80f0fd6&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=139b731a-b591-4698-bfee-48cc028559cd&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=800f1992-a163-4e95-be3a-8d7dd58c0f05&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01dd44b0-5151-4864-a34b-b47d9fe01029&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=eacad4ff-a252-4743-af8e-8338583503dc&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=49462288-5478-4372-9693-b47681abf7af&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8ba7937-4d26-44cf-99ef-80b433702404&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e8b5af52-42a9-47e1-bdc7-0d69fb53c145&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8a35289a-c57c-4499-bfaf-3530f6d376e0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c2080080-bc76-4491-ab59-0a0eabfe07a8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f6a6f9e-92dd-416b-bb7d-5bf345e8ea10&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b4930227-1a65-4e53-bbd5-48fb14f079bb&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=580032ce-f9f4-4e21-acd4-6e1ccc580200&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d20451e7-16e9-46dc-ae34-697bd2a310ef&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7232c231-fbd8-40c5-9fd4-a6b3ac2c95bc&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6d71671f-ff3a-4b21-bbc6-dec364cbbb66&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ccd8b767-ce84-425a-a6fc-e1d295ece179&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=12b69830-20e9-4eb2-bbe8-e1a13e0b11f8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com

Source: global traffic	DNS traffic detected: DNS query: agent-api.atera.com
Source: global traffic	DNS traffic detected: DNS query: ps.pndsn.com
Source: global traffic	DNS traffic detected: DNS query: ps.atera.com

Source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe.1.dr	String found in binary or memory: http://acontrol.atera.com/
Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C85000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780692000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808CD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004405000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.000001698012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0510F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429720F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE0064F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.000002388012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9077F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB653F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E437F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://agent-api.atera.com
Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C85000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808CD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004405000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.000001698012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0510F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429720F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE0064F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.000002388012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9077F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB653F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E437F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2969217705.00000217FC602000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: F2E248BEDDBB2D85122423C41028BFD40.13.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1941466735.00000169F78AB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1941843551.0000024C1D987000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2484656312.00000242AF97D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2551673351.000001CE7F548000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D95000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D54000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB4A2000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB48C000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2722001142.000001CAA8F22000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2822736956.0000019DCEB66000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC910000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC98A000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/$
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 1A374813EDB1A6631387E414D3E732320.13.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2969217705.00000217FC602000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl_D
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlhttp://crl4.digicert.co
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, BA74182F76F15A9CF514DEF352303C950.13.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlL
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlU/-
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D083D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlUQ
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crll
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl~
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/eSig
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedRootG4.crlLow
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 329B6147266C1E26CD774EA22B79EC2E0.13.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2969217705.00000217FC602000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl8
Source: AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlH
Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlN
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlT
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlh
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/l
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl7
Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.12.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en0w
Source: AgentPackageAgentInformation.exe, 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe
Source: Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://james.newtonking.com/projects/json
Source: AgentPackageAgentInformation.exe, 0000001F.00000002.2722001142.000001CAA8F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://microsoft.co$
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.c
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A9440.12.dr	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh
Source: 698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB0.12.dr	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxL
Source: AteraAgent.exe, 0000000D.00000002.2961466558.00000217FAC24000.00000004.00000020.00020000.00000000.sdmp, C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F1410.13.dr	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/l
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2969217705.00000217FC602000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1941466735.00000169F78AB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1941843551.0000024C1D987000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2484656312.00000242AF97D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2551673351.000001CE7F548000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D95000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D54000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB4A2000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB48C000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2722001142.000001CAA8F22000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2822736956.0000019DCEB66000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC910000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC98A000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, Pubnub.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0K
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: AteraAgent.exe, 0000000D.00000002.2968059004.00000217FC22F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRS
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC107000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com:80
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0540000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBBBE000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC107000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7Nfjgt
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC107000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com:80Windows
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comJ
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crlIE
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC107000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC074000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC074000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl)
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comm
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806B0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ps.pndsn.com
Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org
Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess0
Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://wixtoolset.org
Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr	String found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr	String found in binary or memory: http://wixtoolset.org/news/
Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr	String found in binary or memory: http://wixtoolset.org/releases/
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.o
Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.oh
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.P
Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.aterD
Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780692000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr	String found in binary or memory: https://agent-api.atera.com
Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.dr	String found in binary or memory: https://agent-api.atera.com/
Source: AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production
Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.dr	String found in binary or memory: https://agent-api.atera.com/Production/Agent/
Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/Acknowl
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/Age
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178008C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217803F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217808E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting)
Source: AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResult
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetComm
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217808E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands)
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806CE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780692000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback)
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages17-f825-4372-8327-c232f61880c4;
Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event
Source: rundll32.exe, 00000004.00000002.1748246531.0000000004CA6000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004426000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event;
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D8F9000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
Source: System.ValueTuple.dll.1.dr	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
Source: System.ValueTuple.dll.1.dr	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
Source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr	String found in binary or memory: https://github.com/icsharpcode/SharpZipLib
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.1/AgentPackageAg
Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178019D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780066000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.1/AgentPackageAgentIn
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780934000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.16/Agent.Package.Availability.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178022E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780066000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/36.7/AgentPackageAgentInformation
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscovery
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.z
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/36.7/AgentPackageAgentInformati
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.z
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.4/AgentPackageMarketplace.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/36.8/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscove
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/19.2/AgentPackageOsUpdates.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageProgramManagement/22.9/AgentPackageProgramManage
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageRuntimeInstaller/1.6/AgentPackageRuntimeInstalle
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/21.6/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/26.6/AgentPackageSystemTools.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/27.5/AgentPackageTicketing.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/26.8/AgentPackageUpgradeAgent.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780934000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentI
Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178022E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780066000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformation
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTaskScheduler/13.1/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806B0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178008C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01817154-5258-48a3-85c0-e83f589a219b
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01dd44b0-5151-4864-a34b-b47d9fe01029
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=24efe0cb-37e4-4030-8040-96cc03619cbf
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=272b312b-8cbb-4ed4-bd82-1f2dd3cf8d11
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=28c02dc8-fc10-46f4-9892-4dca60ee91e7
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=31d30483-1276-494b-8626-3e162b57285f
Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178008C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4268a400-66a4-4a60-8ada-3d40a293c400
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=580032ce-f9f4-4e21-acd4-6e1ccc580200
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6108e17e-e70c-47ee-93a9-dff9a3c5dc87
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6d71671f-ff3a-4b21-bbc6-dec364cbbb66
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6e72782c-04f9-4b3f-b04c-e2bcfd8dec88
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ca60d9f-75c2-4d80-a8a7-b05f671b9e42
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ccd8b767-ce84-425a-a6fc-e1d295ece179
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e3c1bb87-134a-4b79-9350-4fcf40025dd1
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f70c64fb-bd8c-4b68-8d78-3a86a80f0fd6
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780998000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/presence/sub
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-H
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02cec
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a9
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr	String found in binary or memory: https://www.newtonsoft.com/json
Source: Newtonsoft.Json.dll.13.dr	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.165.136.99:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49930 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49932 version: TLS 1.2

Drops certificate files (DER)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AteraAgent	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AlphaAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security

Reads the System eventlog

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AteraAgent	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AlphaAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

Creates files inside the system directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\56f4ae.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF644.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF924.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSID78.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF9C.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF9D.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFFB.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1116.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\56f4b0.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\56f4b0.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI27EA.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\System.Management.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\CustomAction.config	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\System.Management.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\CustomAction.config	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\System.Management.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\CustomAction.config	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\System.Management.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\CustomAction.config
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIF644.tmp

Jump to behavior

Detected potential crypto function

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_06FB7678	4_3_06FB7678
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_06FB0040	4_3_06FB0040
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_046850B8	5_3_046850B8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_046859A8	5_3_046859A8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_04684D68	5_3_04684D68
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 12_2_00007FFD9B41C922	12_2_00007FFD9B41C922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 12_2_00007FFD9B41BB76	12_2_00007FFD9B41BB76
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 12_2_00007FFD9B410C89	12_2_00007FFD9B410C89
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B40CFB8	13_2_00007FFD9B40CFB8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B409AF2	13_2_00007FFD9B409AF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B411CE0	13_2_00007FFD9B411CE0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B61E2FA	13_2_00007FFD9B61E2FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B61AC97	13_2_00007FFD9B61AC97
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B620CFF	13_2_00007FFD9B620CFF
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B6168FB	13_2_00007FFD9B6168FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B6193FA	13_2_00007FFD9B6193FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B620F02	13_2_00007FFD9B620F02
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B620CFF	13_2_00007FFD9B620CFF
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B620D73	13_2_00007FFD9B620D73
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_06820040	16_3_06820040
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B42039C	20_2_00007FFD9B42039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B410FF2	20_2_00007FFD9B410FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B4076D6	20_2_00007FFD9B4076D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B408482	20_2_00007FFD9B408482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B410C58	20_2_00007FFD9B410C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B413BE5	20_2_00007FFD9B413BE5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B410B3A	20_2_00007FFD9B410B3A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B4012FA	20_2_00007FFD9B4012FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B4111D3	20_2_00007FFD9B4111D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B4111E2	20_2_00007FFD9B4111E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B43039C	21_2_00007FFD9B43039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B420FF2	21_2_00007FFD9B420FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B4176D6	21_2_00007FFD9B4176D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B418482	21_2_00007FFD9B418482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B41BC20	21_2_00007FFD9B41BC20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B420C58	21_2_00007FFD9B420C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B420B3A	21_2_00007FFD9B420B3A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B4112FB	21_2_00007FFD9B4112FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B4211D3	21_2_00007FFD9B4211D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B4211E2	21_2_00007FFD9B4211E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B410EFA	21_2_00007FFD9B410EFA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B410FF2	24_2_00007FFD9B410FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B410C58	24_2_00007FFD9B410C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B413BE5	24_2_00007FFD9B413BE5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B410B3A	24_2_00007FFD9B410B3A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B4111D3	24_2_00007FFD9B4111D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B4111E2	24_2_00007FFD9B4111E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B4076D6	24_2_00007FFD9B4076D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B408482	24_2_00007FFD9B408482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B4012FA	24_2_00007FFD9B4012FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B42039C	24_2_00007FFD9B42039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B41039C	27_2_00007FFD9B41039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B400FF2	27_2_00007FFD9B400FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B3F76D6	27_2_00007FFD9B3F76D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B3F8482	27_2_00007FFD9B3F8482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B3F53D3	27_2_00007FFD9B3F53D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B3F53D0	27_2_00007FFD9B3F53D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B400C58	27_2_00007FFD9B400C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B403BE5	27_2_00007FFD9B403BE5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B400B3A	27_2_00007FFD9B400B3A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B3F12FB	27_2_00007FFD9B3F12FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B3F71D9	27_2_00007FFD9B3F71D9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B4011D3	27_2_00007FFD9B4011D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B4011E2	27_2_00007FFD9B4011E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B40039C	29_2_00007FFD9B40039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3F0FF2	29_2_00007FFD9B3F0FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3E76D6	29_2_00007FFD9B3E76D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3E8482	29_2_00007FFD9B3E8482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3F0BBC	29_2_00007FFD9B3F0BBC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3F0C58	29_2_00007FFD9B3F0C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3F3BE5	29_2_00007FFD9B3F3BE5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3F11D3	29_2_00007FFD9B3F11D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3E1228	29_2_00007FFD9B3E1228
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3F11E2	29_2_00007FFD9B3F11E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3EBD00	29_2_00007FFD9B3EBD00
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD9B3F039C	31_2_00007FFD9B3F039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD9B3D76D6	31_2_00007FFD9B3D76D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD9B3D8482	31_2_00007FFD9B3D8482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD9B3E0BBC	31_2_00007FFD9B3E0BBC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD9B3E0C58	31_2_00007FFD9B3E0C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD9B3D1228	31_2_00007FFD9B3D1228
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3F039C	33_2_00007FFD9B3F039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3E0FF2	33_2_00007FFD9B3E0FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3E0C58	33_2_00007FFD9B3E0C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3E3BE5	33_2_00007FFD9B3E3BE5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3E0B3A	33_2_00007FFD9B3E0B3A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3E11D3	33_2_00007FFD9B3E11D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3E11E2	33_2_00007FFD9B3E11E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3D76D6	33_2_00007FFD9B3D76D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3D8482	33_2_00007FFD9B3D8482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3D71D9	33_2_00007FFD9B3D71D9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3D1228	33_2_00007FFD9B3D1228
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B41039C	35_2_00007FFD9B41039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B400FF2	35_2_00007FFD9B400FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B400BBC	35_2_00007FFD9B400BBC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B400C58	35_2_00007FFD9B400C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B403BE5	35_2_00007FFD9B403BE5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B4011D3	35_2_00007FFD9B4011D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B4011E2	35_2_00007FFD9B4011E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B3F76D6	35_2_00007FFD9B3F76D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B3F8482	35_2_00007FFD9B3F8482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B3F12FB	35_2_00007FFD9B3F12FB

Dropped file seen in connection with other malware

Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll 443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll 2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68

Sample file is different than original file name gathered from version info

Source: 2cFFfHDG7D.msi	Binary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs 2cFFfHDG7D.msi
Source: 2cFFfHDG7D.msi	Binary or memory string: OriginalFilenameSfxCA.dll\ vs 2cFFfHDG7D.msi
Source: 2cFFfHDG7D.msi	Binary or memory string: OriginalFilenamewixca.dll\ vs 2cFFfHDG7D.msi

Source: ICSharpCode.SharpZipLib.dll.1.dr, InflaterInputBuffer.cs	Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.1.dr, DeflaterOutputStream.cs	Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.1.dr, ZipAESTransform.cs	Cryptographic APIs: 'TransformBlock'

Source: AteraAgent.exe.1.dr, SignatureValidator.cs

Base64 encoded string: 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YmxeR/2wifvwd/MQXb/5tsLsvlMs50tmraklX8MKsU1EgEpRZ+W0Ro1ZHoLhQG53oq9hPz9bmJge78yZr6l1QJWz6wCj+yQUxM5f0gt4fHEf2yA94Tklnds7JPr2vQRb5rjAnxnt7722oWFc1bxFFsIcIhOI/EHYCE0qSPE1pKMXALkHZYoDQEFUu3YgEc0Oo7ClJNFrB75g6tVZRqGKxVvYQBb9zKDxhBRnDkhZuB7D1gRaR9PNwCr7tVtPt40c+CCf5ktUkeu4JzaiEipWvKYgRvotqsFtZF5uFso2UmdvxO+lIw9i/GPDfgS4JhKu/Y9lCuaan+xEluhSK0vpQIDAQAB'

Source: classification engine

Classification label: mal88.troj.spyw.evad.winMSI@52/91@12/3

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\ATERA Networks

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7204:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Mutant created: NULL
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7864:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1360:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6572:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7404:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7188:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7884:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7120:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1820:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7476:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1868:120:WilError_03

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DFEB3FF44FCF811A1A.TMP

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\sc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF644.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699250 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId

Source: 2cFFfHDG7D.msi

Static file information: TRID: Microsoft Windows Installer (60509/1) 57.88%

Source: 2cFFfHDG7D.msi

ReversingLabs: Detection: 23%

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\2cFFfHDG7D.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0F692C21F340271B8770E1FC6E93F18E
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF644.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699250 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF924.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699937 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSID78.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5705093 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 185C737B37B128F567DAE967E866CAE9 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="omar.zetawi@polaris-tek.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000HarDhIAJ" /AgentId="7d7ca517-f825-4372-8327-c232f61880c4"
Source: unknown	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI27EA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5711890 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "3205572e-b701-411c-935a-8eefcd863daa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "e84a63c2-b176-4565-84a8-bf664a770baa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "64e30cd7-7773-4e23-a998-f6edaea887a9" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "f7c52d87-a697-402f-9ddb-f4bd7930a959" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "34fed5af-6ccf-418e-89e6-f319c0139431" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "16f383b9-4be1-4380-b33c-f4b37a96755f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0F692C21F340271B8770E1FC6E93F18E	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 185C737B37B128F567DAE967E866CAE9 E Global\MSI0000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="omar.zetawi@polaris-tek.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000HarDhIAJ" /AgentId="7d7ca517-f825-4372-8327-c232f61880c4"	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF644.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699250 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF924.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699937 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSID78.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5705093 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI27EA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5711890 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "3205572e-b701-411c-935a-8eefcd863daa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "e84a63c2-b176-4565-84a8-bf664a770baa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "f7c52d87-a697-402f-9ddb-f4bd7930a959" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "34fed5af-6ccf-418e-89e6-f319c0139431" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "16f383b9-4be1-4380-b33c-f4b37a96755f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msihnd.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: edputil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: appresolver.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: slc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sppc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: webio.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File written: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: 2cFFfHDG7D.msi

Static file information: File size 2994176 > 1048576

Source:	Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.13.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.1.dr
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.1.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000C.00000002.1814443901.000001E1D0672000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.1.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000C.00000002.1814443901.000001E1D0672000.00000002.00000001.01000000.00000011.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, Pubnub.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, 56f4b0.msi.1.dr, MSID78.tmp.1.dr, MSI27EA.tmp.1.dr, MSIF924.tmp.1.dr, MSIF644.tmp.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, MSIFFB.tmp.1.dr
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
Source:	Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
Source:	Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr

Binary contains a suspicious time stamp

Source: BouncyCastle.Crypto.dll.1.dr

Static PE information: 0xE49A52B3 [Sun Jul 15 06:22:43 2091 UTC]

PE file contains an invalid checksum

Source: MSIF924.tmp.1.dr	Static PE information: real checksum: 0x32353 should be: 0x88610
Source: MSID78.tmp.1.dr	Static PE information: real checksum: 0x32353 should be: 0x88610
Source: MSIF644.tmp.1.dr	Static PE information: real checksum: 0x32353 should be: 0x88610

Uses code obfuscation techniques (call, push, ret)

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B857B8 push es; ret	4_3_04B85840
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B84E98 push es; ret	4_3_04B84EA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B86880 push es; ret	4_3_04B86890
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B86BF1 push es; ret	4_3_04B86C00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B8D1A1 push es; ret	4_3_04B8D1B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B8DDC0 push es; ret	4_3_04B8DDD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B858B0 push es; ret	4_3_04B858C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B85890 push es; ret	4_3_04B858A0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B858D2 push es; ret	4_3_04B85900
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B85870 push es; ret	4_3_04B85880
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B85850 push es; ret	4_3_04B85860
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B85910 push es; ret	4_3_04B85920
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_06FB84A1 push es; ret	4_3_06FB84B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_06FB4ECF push dword ptr [esp+ecx*2-75h]; ret	4_3_06FB4ED3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B4172BE push esi; retf	13_2_00007FFD9B4173D7
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B40A020 push esi; retf	13_2_00007FFD9B4173D7
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B610F64 push eax; ret	13_2_00007FFD9B610F94
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_067457B8 push es; ret	16_3_06745840
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_06744E90 push es; ret	16_3_06744EA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_0674576F push es; ret	16_3_06745840
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_06745870 push es; ret	16_3_067458C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_068284A1 push es; ret	16_3_068284B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_06824ECF push dword ptr [esp+ecx*2-75h]; ret	16_3_06824ED3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B4000BD pushad ; iretd	20_2_00007FFD9B4000C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B419DA9 push eax; retf	20_2_00007FFD9B419DB9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B415590 push eax; iretd	20_2_00007FFD9B4155DD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B4100BD pushad ; iretd	21_2_00007FFD9B4100C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B4255B6 push eax; iretd	21_2_00007FFD9B4255DD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B429DA9 push eax; retf	21_2_00007FFD9B429DB9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B4155B6 push eax; iretd	24_2_00007FFD9B4155DD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B419DA9 push eax; retf	24_2_00007FFD9B419DB9

Persistence and Installation Behavior

Creates files in the system32 config directory

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log

Drops PE files

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSID78.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI27EA.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF9D.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF644.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1116.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFFB.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF924.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSID78.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF644.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1116.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI27EA.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF9D.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFFB.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF924.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\System.Management.dll	Jump to dropped file

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog			Jump to behavior

Creates or modifies windows services

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application

Jump to behavior

Uses net.exe to stop services

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Stores large binary data to the registry

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Key value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\rundll32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Windows\System32\sc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 1E1B6420000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 1E1CFE10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 217FAE40000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 217FB4E0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 169F69D0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 169F70D0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 24C04990000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 24C1CFE0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 24296F40000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 242AF0E0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1CE004C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1CE18520000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 238EA460000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 238EAC90000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1CA8FF10000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1CAA8650000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 19DB5D10000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 19DCE410000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 213E3AA0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 213FC250000 memory reserve \| memory write watch

Contains long sleeps (>= 3 min)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 3752
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 5933

Found dropped PE file which has not been started or loaded

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF9D.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI1116.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIFFB.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\SysWOW64\rundll32.exe TID: 7256	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7624	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7580	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7780	Thread sleep count: 3752 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7780	Thread sleep count: 5933 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7976	Thread sleep time: -22136092888451448s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7976	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8004	Thread sleep time: -150000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8036	Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8000	Thread sleep time: -180000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 8068	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7392	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7344	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7424	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7452	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7712	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7604	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7944	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 8132	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7356	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7368	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3164	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6568	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6424	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1888	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6044	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3588	Thread sleep time: -922337203685477s >= -30000s

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\rundll32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Windows\System32\sc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\rundll32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\sc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 90000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477

Source: AgentPackageAgentInformation.exe, 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
Source: AgentPackageAgentInformation.exe, 00000021.00000002.2822736956.0000019DCEB24000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllhh0
Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWpaP
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: eartbeat ServicevmicheartbeatH
Source: rundll32.exe, 00000004.00000003.1746683166.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1746860726.0000000002D35000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1747243890.0000000002D36000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1870935509.0000000002A1E000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1941466735.00000169F784A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB44D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2722001142.000001CAA8F22000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AgentPackageAgentInformation.exe, 00000015.00000002.1941843551.0000024C1D961000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllPP
Source: AgentPackageAgentInformation.exe, 00000018.00000002.2484656312.00000242AF947000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllUU
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D0A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;;
Source: AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC970000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllpp

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Enables debug privileges

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug

Source: C:\Windows\SysWOW64\rundll32.exe

Memory allocated: page read and write | page guard

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="omar.zetawi@polaris-tek.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000HarDhIAJ" /AgentId="7d7ca517-f825-4372-8327-c232f61880c4"	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "3205572e-b701-411c-935a-8eefcd863daa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "e84a63c2-b176-4565-84a8-bf664a770baa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "f7c52d87-a697-402f-9ddb-f4bd7930a959" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "34fed5af-6ccf-418e-89e6-f319c0139431" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "16f383b9-4be1-4380-b33c-f4b37a96755f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ

Uses taskkill to terminate processes

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe

Jump to behavior

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Adds / modifies Windows certificates

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

Remote Access Functionality

Yara detected AteraAgent

Source: Yara match	File source: 20.0.AgentPackageAgentInformation.exe.169f6680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.AgentPackageAgentInformation.exe.24c04f50000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.0.AteraAgent.exe.1e1b60c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2818020572.0000019DB5D20000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2551673351.000001CE7F49B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2908773950.00000213E39E5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2482169319.0000024296857000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1816073152.00007FFD9B4A4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2720357078.000001CA90651000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2908773950.00000213E399D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1938810865.0000024C04FE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2483470135.0000024297127000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2720357078.000001CA906D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2718323397.000001CA8FE18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2814840353.0000019DB5AA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811465867.000001E1B6311000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1938735886.00000169F67A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2814840353.0000019DB5AA9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2966329034.00000217FC074000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2946215609.0000007EE0BD5000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2483202493.0000024296B70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2925775178.00000213E42D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2579606173.00000238EB400000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.0000021780692000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937961302.0000024C049CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1814707609.000001E1D0810000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2551673351.000001CE7F4A8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7F42000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2814840353.0000019DB5AE3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1938735886.00000169F677F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217806B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811401559.000001E1B62D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2551673351.000001CE7F548000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2925775178.00000213E4297000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7F8C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA4AC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2718323397.000001CA8FE10000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812869872.000001E1D0540000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1938810865.0000024C05063000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2483470135.00000242970E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.000002178013E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2548929719.000001CE005A3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811465867.000001E1B630E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA490000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7E9C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2567708299.0000023880047000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2567708299.0000023880001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7ECA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2718323397.000001CA8FE5C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1938735886.00000169F6760000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2718323397.000001CA8FE9B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2551673351.000001CE7F460000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811261269.000001E1B6260000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2819989598.0000019DB6493000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA4CC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2966329034.00000217FC08B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937961302.0000024C049EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2482169319.0000024296819000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2550356997.000001CE18D0A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2482169319.000002429684D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2961429977.00000217FAB90000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.0000021780914000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2925187633.00000213E3AE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2908773950.00000213E3960000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937961302.0000024C049FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2961466558.00000217FABA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217808E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2814840353.0000019DB5B26000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7EC4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811465867.000001E1B6359000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7EC2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2483470135.0000024297163000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1938735886.00000169F67AD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2814840353.0000019DB5ADD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2548929719.000001CE00521000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811465867.000001E1B635F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937961302.0000024C04A36000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1939609942.00000169F69F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2482169319.0000024296896000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811401559.000001E1B62D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1938810865.0000024C05027000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2908773950.00000213E3969000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2961466558.00000217FABA8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2551673351.000001CE7F4E8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1941843551.0000024C1D961000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2574330320.00000238EA3F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2553023308.000001CE7F7C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2819989598.0000019DB6411000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2962759137.00000217FADB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937873368.0000024C049B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2961466558.00000217FABDC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2551673351.000001CE7F469000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2482169319.0000024296810000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2720226579.000001CA90080000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA4DC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA499000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7E99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811465867.000001E1B62EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2567708299.0000023880083000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217806CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937784076.0000024C04970000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2908773950.00000213E399F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2822736956.0000019DCEAD0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937873368.0000024C049B8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2925775178.00000213E4251000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2720357078.000001CA90697000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.000002178006E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2961466558.00000217FAC24000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2819989598.0000019DB6457000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2814840353.0000019DB5B61000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2548929719.000001CE00567000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1938735886.00000169F67ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1937782713.0000016980001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 6904, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7200, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7300, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AteraAgent.exe PID: 7548, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AteraAgent.exe PID: 7728, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7932, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7264, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7284, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 4180, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 2076, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 6904, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 6128, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFEB3FF44FCF811A1A.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF6A8465F9B84E5905.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF1D087F7A3E9CA16A.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF976A0F2522BB20B3.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Config.Msi\56f4af.rbs, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFB4214A4473B515E6.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIF9C.tmp, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
Source: Yara match	File source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF6E3B0B399A62DDDC.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
35.157.63.227	unknown	United States	16509	AMAZON-02US	false
35.157.63.229	ps.pndsn.com	United States	16509	AMAZON-02US	false
3.165.136.99	d25btwd9wax8gu.cloudfront.net	United States	16509	AMAZON-02US	false

Contacted Domains

Name	IP	Active
ps.pndsn.com	35.157.63.229	true
bg.microsoft.map.fastly.net	199.232.214.172	true
d25btwd9wax8gu.cloudfront.net	3.165.136.99	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
ps.atera.com	unknown	unknown
agent-api.atera.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=04b28964-6ef0-4a42-97e9-de0d1f8969f6&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7232c231-fbd8-40c5-9fd4-a6b3ac2c95bc&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6108e17e-e70c-47ee-93a9-dff9a3c5dc87&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=644afada-5df7-4de5-b444-b1d3402ba380&tr=43&tt=17200237221481014&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8c864d9a-ab98-41ba-aa3b-cc8bfbb46040&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3223849c-8c48-4b98-a40e-e3dd7f3726a2&tr=43&tt=17200236621884071&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=59ddd6fa-ec59-4c28-92e6-b21af451dd77&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ceac7b8a-d06f-46f6-b40d-723d7f8ecc6e&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4268a400-66a4-4a60-8ada-3d40a293c400&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=357c8023-d06f-43c6-af75-ff9276fa6312&tr=43&tt=17200236682775915&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01817154-5258-48a3-85c0-e83f589a219b&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=272b312b-8cbb-4ed4-bd82-1f2dd3cf8d11&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9d6606e1-8f57-49c5-9ab0-2ca887e76ed8&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=dbb4b35f-5f78-4ab4-bdd1-d6b922caff40&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c089a5f6-aacc-464d-ba59-69fd86253ba9&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=139b731a-b591-4698-bfee-48cc028559cd&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=49462288-5478-4372-9693-b47681abf7af&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e6094e12-9fa8-4d26-aa06-4e8fb7a4009c&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f6a6f9e-92dd-416b-bb7d-5bf345e8ea10&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=712442ef-230d-4277-b641-1839d4d8d808&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ad2ddba0-edbb-429e-9340-5807bd34a581&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9adb2664-b18c-43f3-856f-5709e73f6369&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=02fdafa7-0cbf-4d21-9e7c-2644b1b8a69d&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ccd8b767-ce84-425a-a6fc-e1d295ece179&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=22cf76d8-ac1d-4e8c-a645-ddf02c4a5363&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6d71671f-ff3a-4b21-bbc6-dec364cbbb66&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=24efe0cb-37e4-4030-8040-96cc03619cbf&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e3c1bb87-134a-4b79-9350-4fcf40025dd1&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f70c64fb-bd8c-4b68-8d78-3a86a80f0fd6&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=28c02dc8-fc10-46f4-9892-4dca60ee91e7&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=800f1992-a163-4e95-be3a-8d7dd58c0f05&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ca60d9f-75c2-4d80-a8a7-b05f671b9e42&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3da9111c-aaa7-4e08-ba06-01a1cd672c2b&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c2080080-bc76-4491-ab59-0a0eabfe07a8&uuid=7d7ca517-f825-4372-8327-c232f61880c4	false	Avira URL Cloud: safe	unknown

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

ReversingLabs: Detection: 18%

Multi AV Scanner detection for submitted file

Source: 2cFFfHDG7D.msi

ReversingLabs: Detection: 23%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.0% probability

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog			Jump to behavior

Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.165.136.99:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49930 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49932 version: TLS 1.2

Source:	Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.13.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.1.dr
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.1.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000C.00000002.1814443901.000001E1D0672000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.1.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000C.00000002.1814443901.000001E1D0672000.00000002.00000001.01000000.00000011.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, Pubnub.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, 56f4b0.msi.1.dr, MSID78.tmp.1.dr, MSI27EA.tmp.1.dr, MSIF924.tmp.1.dr, MSIF644.tmp.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, MSIFFB.tmp.1.dr
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
Source:	Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
Source:	Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B411A44h	12_2_00007FFD9B411895
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B411FFFh	12_2_00007FFD9B411895
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B411FFFh	12_2_00007FFD9B411EB6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B411FFFh	12_2_00007FFD9B411EA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B411FFFh	12_2_00007FFD9B411E7E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B411873h	12_2_00007FFD9B410C89
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B41227Bh	12_2_00007FFD9B410C89
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B404ECBh	13_2_00007FFD9B404E5C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B62680Eh	13_2_00007FFD9B626755
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B626CECh	13_2_00007FFD9B626922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then dec eax	13_2_00007FFD9B626663
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B6265F3h	13_2_00007FFD9B6265DD

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 20.0.AgentPackageAgentInformation.exe.169f6680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4268a400-66a4-4a60-8ada-3d40a293c400&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0eb26796-307c-4e44-aa88-dac711ca4da1&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ceac7b8a-d06f-46f6-b40d-723d7f8ecc6e&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3223849c-8c48-4b98-a40e-e3dd7f3726a2&tr=43&tt=17200236621884071&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/36.7/AgentPackageAgentInformation.zip?yxq+fCr1/sCV4kS8o/HVmHx/dgGVV270VK3QOQFoBjo5F8FfGf1KSAqUEXmoaJqt HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8a73a0d7-bb19-4916-959c-ca27c4baf748&tr=43&tt=17200236642292064&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=22cf76d8-ac1d-4e8c-a645-ddf02c4a5363&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=357c8023-d06f-43c6-af75-ff9276fa6312&tr=43&tt=17200236682775915&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6108e17e-e70c-47ee-93a9-dff9a3c5dc87&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=272b312b-8cbb-4ed4-bd82-1f2dd3cf8d11&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=02fdafa7-0cbf-4d21-9e7c-2644b1b8a69d&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01817154-5258-48a3-85c0-e83f589a219b&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=644afada-5df7-4de5-b444-b1d3402ba380&tr=43&tt=17200237221481014&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6e72782c-04f9-4b3f-b04c-e2bcfd8dec88&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=40aa23c2-5df2-4df3-a659-4fa85cdec74a&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8c864d9a-ab98-41ba-aa3b-cc8bfbb46040&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=fc3fa390-dd57-497e-a9ea-94acf3fd13aa&tr=43&tt=17200237287764896&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=28c02dc8-fc10-46f4-9892-4dca60ee91e7&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=31d30483-1276-494b-8626-3e162b57285f&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=dbb4b35f-5f78-4ab4-bdd1-d6b922caff40&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=23953f87-3c94-4d9a-b977-4822589fc3f4&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9d6606e1-8f57-49c5-9ab0-2ca887e76ed8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e3c1bb87-134a-4b79-9350-4fcf40025dd1&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5284cc2c-6255-40ac-a5e3-fbd09bfcbf48&tr=41&tt=17200237441191360&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c089a5f6-aacc-464d-ba59-69fd86253ba9&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=be598775-daec-44be-852d-698fb405c4ff&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e6094e12-9fa8-4d26-aa06-4e8fb7a4009c&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3da9111c-aaa7-4e08-ba06-01a1cd672c2b&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ad2ddba0-edbb-429e-9340-5807bd34a581&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=1408e3ed-857e-4623-a748-09006bf71303&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ca60d9f-75c2-4d80-a8a7-b05f671b9e42&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=04b28964-6ef0-4a42-97e9-de0d1f8969f6&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=59ddd6fa-ec59-4c28-92e6-b21af451dd77&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=24efe0cb-37e4-4030-8040-96cc03619cbf&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=712442ef-230d-4277-b641-1839d4d8d808&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9adb2664-b18c-43f3-856f-5709e73f6369&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f70c64fb-bd8c-4b68-8d78-3a86a80f0fd6&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=139b731a-b591-4698-bfee-48cc028559cd&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=800f1992-a163-4e95-be3a-8d7dd58c0f05&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01dd44b0-5151-4864-a34b-b47d9fe01029&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=eacad4ff-a252-4743-af8e-8338583503dc&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=49462288-5478-4372-9693-b47681abf7af&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8ba7937-4d26-44cf-99ef-80b433702404&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e8b5af52-42a9-47e1-bdc7-0d69fb53c145&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8a35289a-c57c-4499-bfaf-3530f6d376e0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c2080080-bc76-4491-ab59-0a0eabfe07a8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f6a6f9e-92dd-416b-bb7d-5bf345e8ea10&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b4930227-1a65-4e53-bbd5-48fb14f079bb&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=580032ce-f9f4-4e21-acd4-6e1ccc580200&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d20451e7-16e9-46dc-ae34-697bd2a310ef&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7232c231-fbd8-40c5-9fd4-a6b3ac2c95bc&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6d71671f-ff3a-4b21-bbc6-dec364cbbb66&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ccd8b767-ce84-425a-a6fc-e1d295ece179&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=12b69830-20e9-4eb2-bbe8-e1a13e0b11f8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 35.157.63.229 35.157.63.229

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4268a400-66a4-4a60-8ada-3d40a293c400&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0eb26796-307c-4e44-aa88-dac711ca4da1&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ceac7b8a-d06f-46f6-b40d-723d7f8ecc6e&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3223849c-8c48-4b98-a40e-e3dd7f3726a2&tr=43&tt=17200236621884071&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/36.7/AgentPackageAgentInformation.zip?yxq+fCr1/sCV4kS8o/HVmHx/dgGVV270VK3QOQFoBjo5F8FfGf1KSAqUEXmoaJqt HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8a73a0d7-bb19-4916-959c-ca27c4baf748&tr=43&tt=17200236642292064&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=22cf76d8-ac1d-4e8c-a645-ddf02c4a5363&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=357c8023-d06f-43c6-af75-ff9276fa6312&tr=43&tt=17200236682775915&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6108e17e-e70c-47ee-93a9-dff9a3c5dc87&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=272b312b-8cbb-4ed4-bd82-1f2dd3cf8d11&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=02fdafa7-0cbf-4d21-9e7c-2644b1b8a69d&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01817154-5258-48a3-85c0-e83f589a219b&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=644afada-5df7-4de5-b444-b1d3402ba380&tr=43&tt=17200237221481014&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6e72782c-04f9-4b3f-b04c-e2bcfd8dec88&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=40aa23c2-5df2-4df3-a659-4fa85cdec74a&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8c864d9a-ab98-41ba-aa3b-cc8bfbb46040&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=fc3fa390-dd57-497e-a9ea-94acf3fd13aa&tr=43&tt=17200237287764896&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=28c02dc8-fc10-46f4-9892-4dca60ee91e7&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=31d30483-1276-494b-8626-3e162b57285f&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=dbb4b35f-5f78-4ab4-bdd1-d6b922caff40&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=23953f87-3c94-4d9a-b977-4822589fc3f4&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9d6606e1-8f57-49c5-9ab0-2ca887e76ed8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e3c1bb87-134a-4b79-9350-4fcf40025dd1&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5284cc2c-6255-40ac-a5e3-fbd09bfcbf48&tr=41&tt=17200237441191360&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c089a5f6-aacc-464d-ba59-69fd86253ba9&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=be598775-daec-44be-852d-698fb405c4ff&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e6094e12-9fa8-4d26-aa06-4e8fb7a4009c&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3da9111c-aaa7-4e08-ba06-01a1cd672c2b&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ad2ddba0-edbb-429e-9340-5807bd34a581&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=1408e3ed-857e-4623-a748-09006bf71303&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ca60d9f-75c2-4d80-a8a7-b05f671b9e42&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=04b28964-6ef0-4a42-97e9-de0d1f8969f6&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=59ddd6fa-ec59-4c28-92e6-b21af451dd77&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=24efe0cb-37e4-4030-8040-96cc03619cbf&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=712442ef-230d-4277-b641-1839d4d8d808&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9adb2664-b18c-43f3-856f-5709e73f6369&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f70c64fb-bd8c-4b68-8d78-3a86a80f0fd6&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=139b731a-b591-4698-bfee-48cc028559cd&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=800f1992-a163-4e95-be3a-8d7dd58c0f05&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01dd44b0-5151-4864-a34b-b47d9fe01029&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=eacad4ff-a252-4743-af8e-8338583503dc&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=49462288-5478-4372-9693-b47681abf7af&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8ba7937-4d26-44cf-99ef-80b433702404&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e8b5af52-42a9-47e1-bdc7-0d69fb53c145&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8a35289a-c57c-4499-bfaf-3530f6d376e0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c2080080-bc76-4491-ab59-0a0eabfe07a8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f6a6f9e-92dd-416b-bb7d-5bf345e8ea10&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b4930227-1a65-4e53-bbd5-48fb14f079bb&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=580032ce-f9f4-4e21-acd4-6e1ccc580200&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d20451e7-16e9-46dc-ae34-697bd2a310ef&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7232c231-fbd8-40c5-9fd4-a6b3ac2c95bc&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6d71671f-ff3a-4b21-bbc6-dec364cbbb66&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ccd8b767-ce84-425a-a6fc-e1d295ece179&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=12b69830-20e9-4eb2-bbe8-e1a13e0b11f8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com

Source: global traffic	DNS traffic detected: DNS query: agent-api.atera.com
Source: global traffic	DNS traffic detected: DNS query: ps.pndsn.com
Source: global traffic	DNS traffic detected: DNS query: ps.atera.com

Source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe.1.dr	String found in binary or memory: http://acontrol.atera.com/
Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C85000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780692000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808CD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004405000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.000001698012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0510F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429720F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE0064F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.000002388012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9077F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB653F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E437F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://agent-api.atera.com
Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C85000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808CD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004405000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.000001698012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0510F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429720F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE0064F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.000002388012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9077F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB653F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E437F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2969217705.00000217FC602000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: F2E248BEDDBB2D85122423C41028BFD40.13.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1941466735.00000169F78AB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1941843551.0000024C1D987000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2484656312.00000242AF97D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2551673351.000001CE7F548000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D95000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D54000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB4A2000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB48C000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2722001142.000001CAA8F22000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2822736956.0000019DCEB66000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC910000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC98A000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/$
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 1A374813EDB1A6631387E414D3E732320.13.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2969217705.00000217FC602000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl_D
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlhttp://crl4.digicert.co
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, BA74182F76F15A9CF514DEF352303C950.13.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlL
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlU/-
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D083D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlUQ
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crll
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl~
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/eSig
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedRootG4.crlLow
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 329B6147266C1E26CD774EA22B79EC2E0.13.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2969217705.00000217FC602000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl8
Source: AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlH
Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlN
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlT
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlh
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/l
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl7
Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.12.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en0w
Source: AgentPackageAgentInformation.exe, 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe
Source: Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://james.newtonking.com/projects/json
Source: AgentPackageAgentInformation.exe, 0000001F.00000002.2722001142.000001CAA8F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://microsoft.co$
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.c
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A9440.12.dr	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh
Source: 698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB0.12.dr	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxL
Source: AteraAgent.exe, 0000000D.00000002.2961466558.00000217FAC24000.00000004.00000020.00020000.00000000.sdmp, C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F1410.13.dr	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/l
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2969217705.00000217FC602000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1941466735.00000169F78AB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1941843551.0000024C1D987000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2484656312.00000242AF97D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2551673351.000001CE7F548000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D95000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D54000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB4A2000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB48C000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2722001142.000001CAA8F22000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2822736956.0000019DCEB66000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC910000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC98A000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, Pubnub.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0K
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: AteraAgent.exe, 0000000D.00000002.2968059004.00000217FC22F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRS
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC107000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com:80
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0540000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBBBE000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC107000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7Nfjgt
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC107000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com:80Windows
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comJ
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crlIE
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC107000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC074000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC074000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl)
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comm
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806B0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ps.pndsn.com
Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org
Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess0
Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: http://wixtoolset.org
Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr	String found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr	String found in binary or memory: http://wixtoolset.org/news/
Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr	String found in binary or memory: http://wixtoolset.org/releases/
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.o
Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.oh
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.P
Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.aterD
Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780692000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr	String found in binary or memory: https://agent-api.atera.com
Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.dr	String found in binary or memory: https://agent-api.atera.com/
Source: AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production
Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.dr	String found in binary or memory: https://agent-api.atera.com/Production/Agent/
Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/Acknowl
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/Age
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178008C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217803F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217808E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting)
Source: AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResult
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetComm
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217808E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands)
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806CE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780692000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback)
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages17-f825-4372-8327-c232f61880c4;
Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event
Source: rundll32.exe, 00000004.00000002.1748246531.0000000004CA6000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004426000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event;
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D8F9000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
Source: System.ValueTuple.dll.1.dr	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
Source: System.ValueTuple.dll.1.dr	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
Source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr	String found in binary or memory: https://github.com/icsharpcode/SharpZipLib
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.1/AgentPackageAg
Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178019D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780066000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.1/AgentPackageAgentIn
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780934000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.16/Agent.Package.Availability.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178022E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780066000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/36.7/AgentPackageAgentInformation
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscovery
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.z
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/36.7/AgentPackageAgentInformati
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.z
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.4/AgentPackageMarketplace.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/36.8/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscove
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/19.2/AgentPackageOsUpdates.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageProgramManagement/22.9/AgentPackageProgramManage
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageRuntimeInstaller/1.6/AgentPackageRuntimeInstalle
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/21.6/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/26.6/AgentPackageSystemTools.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/27.5/AgentPackageTicketing.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/26.8/AgentPackageUpgradeAgent.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780934000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentI
Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178022E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780066000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformation
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTaskScheduler/13.1/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806B0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178008C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01817154-5258-48a3-85c0-e83f589a219b
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01dd44b0-5151-4864-a34b-b47d9fe01029
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=24efe0cb-37e4-4030-8040-96cc03619cbf
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=272b312b-8cbb-4ed4-bd82-1f2dd3cf8d11
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=28c02dc8-fc10-46f4-9892-4dca60ee91e7
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=31d30483-1276-494b-8626-3e162b57285f
Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178008C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4268a400-66a4-4a60-8ada-3d40a293c400
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=580032ce-f9f4-4e21-acd4-6e1ccc580200
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6108e17e-e70c-47ee-93a9-dff9a3c5dc87
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6d71671f-ff3a-4b21-bbc6-dec364cbbb66
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6e72782c-04f9-4b3f-b04c-e2bcfd8dec88
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ca60d9f-75c2-4d80-a8a7-b05f671b9e42
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ccd8b767-ce84-425a-a6fc-e1d295ece179
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e3c1bb87-134a-4b79-9350-4fcf40025dd1
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f70c64fb-bd8c-4b68-8d78-3a86a80f0fd6
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780998000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/presence/sub
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-H
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02cec
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a9
Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr	String found in binary or memory: https://www.newtonsoft.com/json
Source: Newtonsoft.Json.dll.13.dr	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.165.136.99:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49930 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49932 version: TLS 1.2

Drops certificate files (DER)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AteraAgent	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AlphaAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security

Reads the System eventlog

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AteraAgent	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AlphaAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

Creates files inside the system directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\56f4ae.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF644.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF924.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSID78.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF9C.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF9D.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFFB.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1116.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\56f4b0.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\56f4b0.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI27EA.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\System.Management.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\CustomAction.config	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\System.Management.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\CustomAction.config	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\System.Management.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\CustomAction.config	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\System.Management.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\CustomAction.config
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIF644.tmp

Jump to behavior

Detected potential crypto function

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_06FB7678	4_3_06FB7678
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_06FB0040	4_3_06FB0040
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_046850B8	5_3_046850B8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_046859A8	5_3_046859A8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_04684D68	5_3_04684D68
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 12_2_00007FFD9B41C922	12_2_00007FFD9B41C922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 12_2_00007FFD9B41BB76	12_2_00007FFD9B41BB76
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 12_2_00007FFD9B410C89	12_2_00007FFD9B410C89
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B40CFB8	13_2_00007FFD9B40CFB8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B409AF2	13_2_00007FFD9B409AF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B411CE0	13_2_00007FFD9B411CE0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B61E2FA	13_2_00007FFD9B61E2FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B61AC97	13_2_00007FFD9B61AC97
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B620CFF	13_2_00007FFD9B620CFF
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B6168FB	13_2_00007FFD9B6168FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B6193FA	13_2_00007FFD9B6193FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B620F02	13_2_00007FFD9B620F02
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B620CFF	13_2_00007FFD9B620CFF
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B620D73	13_2_00007FFD9B620D73
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_06820040	16_3_06820040
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B42039C	20_2_00007FFD9B42039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B410FF2	20_2_00007FFD9B410FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B4076D6	20_2_00007FFD9B4076D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B408482	20_2_00007FFD9B408482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B410C58	20_2_00007FFD9B410C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B413BE5	20_2_00007FFD9B413BE5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B410B3A	20_2_00007FFD9B410B3A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B4012FA	20_2_00007FFD9B4012FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B4111D3	20_2_00007FFD9B4111D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B4111E2	20_2_00007FFD9B4111E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B43039C	21_2_00007FFD9B43039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B420FF2	21_2_00007FFD9B420FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B4176D6	21_2_00007FFD9B4176D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B418482	21_2_00007FFD9B418482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B41BC20	21_2_00007FFD9B41BC20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B420C58	21_2_00007FFD9B420C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B420B3A	21_2_00007FFD9B420B3A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B4112FB	21_2_00007FFD9B4112FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B4211D3	21_2_00007FFD9B4211D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B4211E2	21_2_00007FFD9B4211E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B410EFA	21_2_00007FFD9B410EFA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B410FF2	24_2_00007FFD9B410FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B410C58	24_2_00007FFD9B410C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B413BE5	24_2_00007FFD9B413BE5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B410B3A	24_2_00007FFD9B410B3A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B4111D3	24_2_00007FFD9B4111D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B4111E2	24_2_00007FFD9B4111E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B4076D6	24_2_00007FFD9B4076D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B408482	24_2_00007FFD9B408482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B4012FA	24_2_00007FFD9B4012FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B42039C	24_2_00007FFD9B42039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B41039C	27_2_00007FFD9B41039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B400FF2	27_2_00007FFD9B400FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B3F76D6	27_2_00007FFD9B3F76D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B3F8482	27_2_00007FFD9B3F8482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B3F53D3	27_2_00007FFD9B3F53D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B3F53D0	27_2_00007FFD9B3F53D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B400C58	27_2_00007FFD9B400C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B403BE5	27_2_00007FFD9B403BE5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B400B3A	27_2_00007FFD9B400B3A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B3F12FB	27_2_00007FFD9B3F12FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B3F71D9	27_2_00007FFD9B3F71D9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B4011D3	27_2_00007FFD9B4011D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B4011E2	27_2_00007FFD9B4011E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B40039C	29_2_00007FFD9B40039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3F0FF2	29_2_00007FFD9B3F0FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3E76D6	29_2_00007FFD9B3E76D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3E8482	29_2_00007FFD9B3E8482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3F0BBC	29_2_00007FFD9B3F0BBC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3F0C58	29_2_00007FFD9B3F0C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3F3BE5	29_2_00007FFD9B3F3BE5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3F11D3	29_2_00007FFD9B3F11D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3E1228	29_2_00007FFD9B3E1228
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3F11E2	29_2_00007FFD9B3F11E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD9B3EBD00	29_2_00007FFD9B3EBD00
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD9B3F039C	31_2_00007FFD9B3F039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD9B3D76D6	31_2_00007FFD9B3D76D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD9B3D8482	31_2_00007FFD9B3D8482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD9B3E0BBC	31_2_00007FFD9B3E0BBC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD9B3E0C58	31_2_00007FFD9B3E0C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD9B3D1228	31_2_00007FFD9B3D1228
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3F039C	33_2_00007FFD9B3F039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3E0FF2	33_2_00007FFD9B3E0FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3E0C58	33_2_00007FFD9B3E0C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3E3BE5	33_2_00007FFD9B3E3BE5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3E0B3A	33_2_00007FFD9B3E0B3A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3E11D3	33_2_00007FFD9B3E11D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3E11E2	33_2_00007FFD9B3E11E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3D76D6	33_2_00007FFD9B3D76D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3D8482	33_2_00007FFD9B3D8482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3D71D9	33_2_00007FFD9B3D71D9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD9B3D1228	33_2_00007FFD9B3D1228
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B41039C	35_2_00007FFD9B41039C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B400FF2	35_2_00007FFD9B400FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B400BBC	35_2_00007FFD9B400BBC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B400C58	35_2_00007FFD9B400C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B403BE5	35_2_00007FFD9B403BE5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B4011D3	35_2_00007FFD9B4011D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B4011E2	35_2_00007FFD9B4011E2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B3F76D6	35_2_00007FFD9B3F76D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B3F8482	35_2_00007FFD9B3F8482
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD9B3F12FB	35_2_00007FFD9B3F12FB

Dropped file seen in connection with other malware

Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll 443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll 2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68

Sample file is different than original file name gathered from version info

Source: 2cFFfHDG7D.msi	Binary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs 2cFFfHDG7D.msi
Source: 2cFFfHDG7D.msi	Binary or memory string: OriginalFilenameSfxCA.dll\ vs 2cFFfHDG7D.msi
Source: 2cFFfHDG7D.msi	Binary or memory string: OriginalFilenamewixca.dll\ vs 2cFFfHDG7D.msi

Source: ICSharpCode.SharpZipLib.dll.1.dr, InflaterInputBuffer.cs	Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.1.dr, DeflaterOutputStream.cs	Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.1.dr, ZipAESTransform.cs	Cryptographic APIs: 'TransformBlock'

Source: AteraAgent.exe.1.dr, SignatureValidator.cs

Source: classification engine

Classification label: mal88.troj.spyw.evad.winMSI@52/91@12/3

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\ATERA Networks

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7204:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Mutant created: NULL
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7864:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1360:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6572:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7404:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7188:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7884:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7120:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1820:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7476:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1868:120:WilError_03

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DFEB3FF44FCF811A1A.TMP

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\sc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe

Source: 2cFFfHDG7D.msi

Static file information: TRID: Microsoft Windows Installer (60509/1) 57.88%

Source: 2cFFfHDG7D.msi

ReversingLabs: Detection: 23%

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\2cFFfHDG7D.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0F692C21F340271B8770E1FC6E93F18E
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF644.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699250 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF924.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699937 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSID78.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5705093 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 185C737B37B128F567DAE967E866CAE9 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="omar.zetawi@polaris-tek.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000HarDhIAJ" /AgentId="7d7ca517-f825-4372-8327-c232f61880c4"
Source: unknown	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI27EA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5711890 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "3205572e-b701-411c-935a-8eefcd863daa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "e84a63c2-b176-4565-84a8-bf664a770baa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "64e30cd7-7773-4e23-a998-f6edaea887a9" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "f7c52d87-a697-402f-9ddb-f4bd7930a959" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "34fed5af-6ccf-418e-89e6-f319c0139431" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "16f383b9-4be1-4380-b33c-f4b37a96755f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0F692C21F340271B8770E1FC6E93F18E	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 185C737B37B128F567DAE967E866CAE9 E Global\MSI0000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="omar.zetawi@polaris-tek.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000HarDhIAJ" /AgentId="7d7ca517-f825-4372-8327-c232f61880c4"	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF644.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699250 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF924.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699937 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSID78.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5705093 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI27EA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5711890 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "3205572e-b701-411c-935a-8eefcd863daa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "e84a63c2-b176-4565-84a8-bf664a770baa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "f7c52d87-a697-402f-9ddb-f4bd7930a959" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "34fed5af-6ccf-418e-89e6-f319c0139431" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "16f383b9-4be1-4380-b33c-f4b37a96755f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msihnd.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: edputil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: appresolver.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: slc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sppc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: webio.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File written: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: 2cFFfHDG7D.msi

Static file information: File size 2994176 > 1048576

Source:	Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.13.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.1.dr
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.1.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000C.00000002.1814443901.000001E1D0672000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.1.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000C.00000002.1814443901.000001E1D0672000.00000002.00000001.01000000.00000011.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, Pubnub.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, 56f4b0.msi.1.dr, MSID78.tmp.1.dr, MSI27EA.tmp.1.dr, MSIF924.tmp.1.dr, MSIF644.tmp.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, MSIFFB.tmp.1.dr
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
Source:	Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
Source:	Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr

Binary contains a suspicious time stamp

Source: BouncyCastle.Crypto.dll.1.dr

Static PE information: 0xE49A52B3 [Sun Jul 15 06:22:43 2091 UTC]

PE file contains an invalid checksum

Source: MSIF924.tmp.1.dr	Static PE information: real checksum: 0x32353 should be: 0x88610
Source: MSID78.tmp.1.dr	Static PE information: real checksum: 0x32353 should be: 0x88610
Source: MSIF644.tmp.1.dr	Static PE information: real checksum: 0x32353 should be: 0x88610

Uses code obfuscation techniques (call, push, ret)

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B857B8 push es; ret	4_3_04B85840
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B84E98 push es; ret	4_3_04B84EA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B86880 push es; ret	4_3_04B86890
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B86BF1 push es; ret	4_3_04B86C00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B8D1A1 push es; ret	4_3_04B8D1B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B8DDC0 push es; ret	4_3_04B8DDD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B858B0 push es; ret	4_3_04B858C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B85890 push es; ret	4_3_04B858A0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B858D2 push es; ret	4_3_04B85900
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B85870 push es; ret	4_3_04B85880
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B85850 push es; ret	4_3_04B85860
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04B85910 push es; ret	4_3_04B85920
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_06FB84A1 push es; ret	4_3_06FB84B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_06FB4ECF push dword ptr [esp+ecx*2-75h]; ret	4_3_06FB4ED3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B4172BE push esi; retf	13_2_00007FFD9B4173D7
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B40A020 push esi; retf	13_2_00007FFD9B4173D7
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FFD9B610F64 push eax; ret	13_2_00007FFD9B610F94
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_067457B8 push es; ret	16_3_06745840
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_06744E90 push es; ret	16_3_06744EA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_0674576F push es; ret	16_3_06745840
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_06745870 push es; ret	16_3_067458C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_068284A1 push es; ret	16_3_068284B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 16_3_06824ECF push dword ptr [esp+ecx*2-75h]; ret	16_3_06824ED3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B4000BD pushad ; iretd	20_2_00007FFD9B4000C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B419DA9 push eax; retf	20_2_00007FFD9B419DB9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B415590 push eax; iretd	20_2_00007FFD9B4155DD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B4100BD pushad ; iretd	21_2_00007FFD9B4100C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B4255B6 push eax; iretd	21_2_00007FFD9B4255DD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FFD9B429DA9 push eax; retf	21_2_00007FFD9B429DB9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B4155B6 push eax; iretd	24_2_00007FFD9B4155DD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD9B419DA9 push eax; retf	24_2_00007FFD9B419DB9

Persistence and Installation Behavior

Creates files in the system32 config directory

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log

Drops PE files

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSID78.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI27EA.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF9D.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF644.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1116.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFFB.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF924.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSID78.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF644.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1116.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI27EA.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF9D.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFFB.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF924.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSID78.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF924.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI27EA.tmp-\System.Management.dll	Jump to dropped file

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog			Jump to behavior

Creates or modifies windows services

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application

Jump to behavior

Uses net.exe to stop services

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Stores large binary data to the registry

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Key value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\rundll32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Windows\System32\sc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 1E1B6420000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 1E1CFE10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 217FAE40000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 217FB4E0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 169F69D0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 169F70D0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 24C04990000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 24C1CFE0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 24296F40000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 242AF0E0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1CE004C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1CE18520000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 238EA460000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 238EAC90000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1CA8FF10000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1CAA8650000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 19DB5D10000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 19DCE410000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 213E3AA0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 213FC250000 memory reserve \| memory write watch

Contains long sleeps (>= 3 min)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 3752
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 5933

Found dropped PE file which has not been started or loaded

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF9D.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI1116.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIFFB.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\SysWOW64\rundll32.exe TID: 7256	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7624	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7580	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7780	Thread sleep count: 3752 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7780	Thread sleep count: 5933 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7976	Thread sleep time: -22136092888451448s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7976	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8004	Thread sleep time: -150000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8036	Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8000	Thread sleep time: -180000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 8068	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7392	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7344	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7424	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7452	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7712	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7604	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7944	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 8132	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7356	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7368	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3164	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6568	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6424	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1888	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6044	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3588	Thread sleep time: -922337203685477s >= -30000s

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\rundll32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Windows\System32\sc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\rundll32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\sc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 90000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477

Source: AgentPackageAgentInformation.exe, 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
Source: AgentPackageAgentInformation.exe, 00000021.00000002.2822736956.0000019DCEB24000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllhh0
Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWpaP
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: eartbeat ServicevmicheartbeatH
Source: rundll32.exe, 00000004.00000003.1746683166.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1746860726.0000000002D35000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1747243890.0000000002D36000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1870935509.0000000002A1E000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1941466735.00000169F784A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB44D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2722001142.000001CAA8F22000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AgentPackageAgentInformation.exe, 00000015.00000002.1941843551.0000024C1D961000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllPP
Source: AgentPackageAgentInformation.exe, 00000018.00000002.2484656312.00000242AF947000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllUU
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D0A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;;
Source: AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC970000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllpp

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Enables debug privileges

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug

Source: C:\Windows\SysWOW64\rundll32.exe

Memory allocated: page read and write | page guard

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="omar.zetawi@polaris-tek.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000HarDhIAJ" /AgentId="7d7ca517-f825-4372-8327-c232f61880c4"	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "3205572e-b701-411c-935a-8eefcd863daa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "e84a63c2-b176-4565-84a8-bf664a770baa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "f7c52d87-a697-402f-9ddb-f4bd7930a959" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "34fed5af-6ccf-418e-89e6-f319c0139431" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "16f383b9-4be1-4380-b33c-f4b37a96755f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ

Uses taskkill to terminate processes

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe

Jump to behavior

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Adds / modifies Windows certificates

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

Remote Access Functionality

Yara detected AteraAgent

Source: Yara match	File source: 20.0.AgentPackageAgentInformation.exe.169f6680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.AgentPackageAgentInformation.exe.24c04f50000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.0.AteraAgent.exe.1e1b60c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2818020572.0000019DB5D20000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2551673351.000001CE7F49B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2908773950.00000213E39E5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2482169319.0000024296857000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1816073152.00007FFD9B4A4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2720357078.000001CA90651000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2908773950.00000213E399D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1938810865.0000024C04FE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2483470135.0000024297127000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2720357078.000001CA906D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2718323397.000001CA8FE18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2814840353.0000019DB5AA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811465867.000001E1B6311000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1938735886.00000169F67A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2814840353.0000019DB5AA9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2966329034.00000217FC074000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2946215609.0000007EE0BD5000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2483202493.0000024296B70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2925775178.00000213E42D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2579606173.00000238EB400000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.0000021780692000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937961302.0000024C049CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1814707609.000001E1D0810000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2551673351.000001CE7F4A8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7F42000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2814840353.0000019DB5AE3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1938735886.00000169F677F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217806B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811401559.000001E1B62D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2551673351.000001CE7F548000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2925775178.00000213E4297000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7F8C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA4AC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2718323397.000001CA8FE10000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812869872.000001E1D0540000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1938810865.0000024C05063000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2483470135.00000242970E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.000002178013E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2548929719.000001CE005A3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811465867.000001E1B630E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA490000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7E9C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2567708299.0000023880047000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2567708299.0000023880001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7ECA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2718323397.000001CA8FE5C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1938735886.00000169F6760000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2718323397.000001CA8FE9B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2551673351.000001CE7F460000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811261269.000001E1B6260000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2819989598.0000019DB6493000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA4CC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2966329034.00000217FC08B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937961302.0000024C049EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2482169319.0000024296819000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2550356997.000001CE18D0A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2482169319.000002429684D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2961429977.00000217FAB90000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.0000021780914000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2925187633.00000213E3AE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2908773950.00000213E3960000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937961302.0000024C049FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2961466558.00000217FABA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217808E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2814840353.0000019DB5B26000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7EC4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811465867.000001E1B6359000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7EC2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2483470135.0000024297163000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1938735886.00000169F67AD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2814840353.0000019DB5ADD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2548929719.000001CE00521000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811465867.000001E1B635F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937961302.0000024C04A36000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1939609942.00000169F69F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2482169319.0000024296896000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811401559.000001E1B62D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1938810865.0000024C05027000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2908773950.00000213E3969000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2961466558.00000217FABA8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2551673351.000001CE7F4E8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1941843551.0000024C1D961000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2574330320.00000238EA3F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2553023308.000001CE7F7C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2819989598.0000019DB6411000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2962759137.00000217FADB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937873368.0000024C049B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2961466558.00000217FABDC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2551673351.000001CE7F469000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2482169319.0000024296810000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2720226579.000001CA90080000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA4DC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA499000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7E99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1811465867.000001E1B62EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2567708299.0000023880083000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217806CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937784076.0000024C04970000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2908773950.00000213E399F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2822736956.0000019DCEAD0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1937873368.0000024C049B8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2925775178.00000213E4251000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2720357078.000001CA90697000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2950826484.000002178006E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2961466558.00000217FAC24000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2819989598.0000019DB6457000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2814840353.0000019DB5B61000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2548929719.000001CE00567000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1938735886.00000169F67ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2576271251.00000238EA517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1937782713.0000016980001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1812098404.000001E1B7E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 6904, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7200, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7300, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AteraAgent.exe PID: 7548, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AteraAgent.exe PID: 7728, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7932, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7264, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7284, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 4180, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 2076, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 6904, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 6128, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFEB3FF44FCF811A1A.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF6A8465F9B84E5905.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF1D087F7A3E9CA16A.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF976A0F2522BB20B3.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Config.Msi\56f4af.rbs, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFB4214A4473B515E6.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIF9C.tmp, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
Source: Yara match	File source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF6E3B0B399A62DDDC.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED

Windows Analysis Report
2cFFfHDG7D.msi

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

ID:	1467118
Product:	CloudBasic
Start time:	18:19:52
Start date:	03.07.2024
Sample:	2cFFfHDG7D.msi
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	af6d4ffcaf5d3dab814d16429cb76754
SHA1:	04224ab9da82d078d5b9e48589c56e9bde707fcf
SHA256:	55af6a90ac8863f27b3fcaa416a0f1e4ff02fb42aa46a7274c6b76aa000aacc2
Filetype:	Microsoft Windows Installer (60509/1) 57.88%

Windows Analysis Report 2cFFfHDG7D.msi

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
2cFFfHDG7D.msi