Windows Analysis Report
2cFFfHDG7D.msi

Overview

General Information

Sample name: 2cFFfHDG7D.msi (renamed because original name is a hash value)
Original sample name: af6d4ffcaf5d3dab814d16429cb76754.msi
Analysis ID: 1467118
MD5: af6d4ffcaf5d3dab814d16429cb76754
SHA1: 04224ab9da82d078d5b9e48589c56e9bde707fcf
SHA256: 55af6a90ac8863f27b3fcaa416a0f1e4ff02fb42aa46a7274c6b76aa000aacc2
Tags: msi, MuddyWater, TA450
Infos:

Detection

AteraAgent
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AteraAgent
AI detected suspicious sample
Creates files in the system32 config directory
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Yara detected Generic Downloader
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores large binary data to the registry
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • msiexec.exe (PID: 6824 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\2cFFfHDG7D.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 5440 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 4456 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 0F692C21F340271B8770E1FC6E93F18E MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 6904 cmdline: rundll32.exe "C:\Windows\Installer\MSIF644.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699250 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 7200 cmdline: rundll32.exe "C:\Windows\Installer\MSIF924.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699937 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 7300 cmdline: rundll32.exe "C:\Windows\Installer\MSID78.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5705093 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 7932 cmdline: rundll32.exe "C:\Windows\Installer\MSI27EA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5711890 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd MD5: 889B99C52A60DD49227C5E485A016679)
    • msiexec.exe (PID: 7356 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 185C737B37B128F567DAE967E866CAE9 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • net.exe (PID: 7396 cmdline: "NET" STOP AteraAgent MD5: 31890A7DE89936F922D44D677F681A7F)
        • conhost.exe (PID: 7404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net1.exe (PID: 7440 cmdline: C:\Windows\system32\net1 STOP AteraAgent MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
      • taskkill.exe (PID: 7468 cmdline: "TaskKill.exe" /f /im AteraAgent.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 7476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AteraAgent.exe (PID: 7548 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="omar.zetawi@polaris-tek.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000HarDhIAJ" /AgentId="7d7ca517-f825-4372-8327-c232f61880c4" MD5: 477293F80461713D51A98A24023D45E8)
  • AteraAgent.exe (PID: 7728 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)
    • sc.exe (PID: 7848 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 7864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 7264 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "3205572e-b701-411c-935a-8eefcd863daa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ MD5: 47709084FF7F796AAE3D6430AB076793)
      • conhost.exe (PID: 7204 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 7284 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "e84a63c2-b176-4565-84a8-bf664a770baa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ MD5: 47709084FF7F796AAE3D6430AB076793)
      • conhost.exe (PID: 7188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 7848 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "64e30cd7-7773-4e23-a998-f6edaea887a9" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ MD5: 47709084FF7F796AAE3D6430AB076793)
      • conhost.exe (PID: 7884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 4180 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ MD5: 47709084FF7F796AAE3D6430AB076793)
      • conhost.exe (PID: 1868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 2076 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ MD5: 47709084FF7F796AAE3D6430AB076793)
      • conhost.exe (PID: 1360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 6904 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "f7c52d87-a697-402f-9ddb-f4bd7930a959" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ MD5: 47709084FF7F796AAE3D6430AB076793)
      • conhost.exe (PID: 7120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 7304 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "34fed5af-6ccf-418e-89e6-f319c0139431" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ MD5: 47709084FF7F796AAE3D6430AB076793)
      • conhost.exe (PID: 6572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 6128 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "16f383b9-4be1-4380-b33c-f4b37a96755f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ MD5: 47709084FF7F796AAE3D6430AB076793)
      • conhost.exe (PID: 1820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DFEB3FF44FCF811A1A.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF6A8465F9B84E5905.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF1D087F7A3E9CA16A.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF976A0F2522BB20B3.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |

Source | Rule | Description | Author | Strings
00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
00000021.00000002.2818020572.0000019DB5D20000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000001B.00000002.2551673351.000001CE7F49B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
00000023.00000002.2908773950.00000213E39E5000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
00000018.00000002.2482169319.0000024296857000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |

Source | Rule | Description | Author | Strings
20.0.AgentPackageAgentInformation.exe.169f6680000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
20.0.AgentPackageAgentInformation.exe.169f6680000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
21.2.AgentPackageAgentInformation.exe.24c04f50000.1.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
12.0.AteraAgent.exe.1e1b60c0000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
                              Source: Process started | Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 185C737B37B128F567DAE967E866CAE9 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7356, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 7396, ProcessName: net.exe
                              Source: Process started | Author: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 185C737B37B128F567DAE967E866CAE9 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7356, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 7396, ProcessName: net.exe
                              No Snort rule has matched

                              AV Detection

                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | ReversingLabs: Detection: 18%
                              Source: 2cFFfHDG7D.msi | ReversingLabs: Detection: 23%
                              Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.0% probability
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | File created: C:\Windows\system32\InstallUtil.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                              Source: unknownHTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49743 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49746 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49751 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49750 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 3.165.136.99:443 -> 192.168.2.4:49756 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49755 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49754 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49779 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49778 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.4:49781 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49789 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49790 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49792 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49797 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49798 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49809 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49810 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49810 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49813 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49816 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49821 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49820 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49823 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49837 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49838 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49842 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49848 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49849 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49857 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49857 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49863 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49869 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49871 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49877 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49879 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49889 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49890 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49892 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49893 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49902 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49903 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49922 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49924 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49931 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49930 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49932 version: TLS 1.2
                              Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmp
                              Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.13.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.1.dr
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.1.dr
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000C.00000002.1814443901.000001E1D0672000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.1.dr
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000C.00000002.1814443901.000001E1D0672000.00000002.00000001.01000000.00000011.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, Pubnub.dll.1.dr
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, 56f4b0.msi.1.dr, MSID78.tmp.1.dr, MSI27EA.tmp.1.dr, MSIF924.tmp.1.dr, MSIF644.tmp.1.dr
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, MSIFFB.tmp.1.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
                              Source: Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.1.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
                              Source: Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.1.dr
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr
                              Source: C:\Windows\System32\msiexec.exe | File opened: z:
                              Source: C:\Windows\System32\msiexec.exe | File opened: x:
                              Source: C:\Windows\System32\msiexec.exe | File opened: v:
                              Source: C:\Windows\System32\msiexec.exe | File opened: t:
                              Source: C:\Windows\System32\msiexec.exe | File opened: r:
                              Source: C:\Windows\System32\msiexec.exe | File opened: p:
                              Source: C:\Windows\System32\msiexec.exe | File opened: n:
                              Source: C:\Windows\System32\msiexec.exe | File opened: l:
                              Source: C:\Windows\System32\msiexec.exe | File opened: j:
                              Source: C:\Windows\System32\msiexec.exe | File opened: h:
                              Source: C:\Windows\System32\msiexec.exe | File opened: f:
                              Source: C:\Windows\System32\msiexec.exe | File opened: b:
                              Source: C:\Windows\System32\msiexec.exe | File opened: y:
                              Source: C:\Windows\System32\msiexec.exe | File opened: w:
                              Source: C:\Windows\System32\msiexec.exe | File opened: u:
                              Source: C:\Windows\System32\msiexec.exe | File opened: s:
                              Source: C:\Windows\System32\msiexec.exe | File opened: q:
                              Source: C:\Windows\System32\msiexec.exe | File opened: o:
                              Source: C:\Windows\System32\msiexec.exe | File opened: m:
                              Source: C:\Windows\System32\msiexec.exe | File opened: k:
                              Source: C:\Windows\System32\msiexec.exe | File opened: i:
                              Source: C:\Windows\System32\msiexec.exe | File opened: g:
                              Source: C:\Windows\System32\msiexec.exe | File opened: e:
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | File opened: c:
                              Source: C:\Windows\System32\msiexec.exe | File opened: a:
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Code function: 4x nop then jmp 00007FFD9B411A44h | 12_2_00007FFD9B411895
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Code function: 4x nop then jmp 00007FFD9B411FFFh | 12_2_00007FFD9B411895
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Code function: 4x nop then jmp 00007FFD9B411FFFh | 12_2_00007FFD9B411EB6
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Code function: 4x nop then jmp 00007FFD9B411FFFh | 12_2_00007FFD9B411EA1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Code function: 4x nop then jmp 00007FFD9B411FFFh | 12_2_00007FFD9B411E7E
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Code function: 4x nop then jmp 00007FFD9B411873h | 12_2_00007FFD9B410C89
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Code function: 4x nop then jmp 00007FFD9B41227Bh | 12_2_00007FFD9B410C89
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Code function: 4x nop then jmp 00007FFD9B404ECBh | 13_2_00007FFD9B404E5C
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Code function: 4x nop then jmp 00007FFD9B62680Eh | 13_2_00007FFD9B626755
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Code function: 4x nop then jmp 00007FFD9B626CECh | 13_2_00007FFD9B626922
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Code function: 4x nop then dec eax | 13_2_00007FFD9B626663
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Code function: 4x nop then jmp 00007FFD9B6265F3h | 13_2_00007FFD9B6265DD

                              Networking

                              Source: Yara matchFile source: 20.0.AgentPackageAgentInformation.exe.169f6680000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4268a400-66a4-4a60-8ada-3d40a293c400&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0eb26796-307c-4e44-aa88-dac711ca4da1&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ceac7b8a-d06f-46f6-b40d-723d7f8ecc6e&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3223849c-8c48-4b98-a40e-e3dd7f3726a2&tr=43&tt=17200236621884071&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/36.7/AgentPackageAgentInformation.zip?yxq+fCr1/sCV4kS8o/HVmHx/dgGVV270VK3QOQFoBjo5F8FfGf1KSAqUEXmoaJqt HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8a73a0d7-bb19-4916-959c-ca27c4baf748&tr=43&tt=17200236642292064&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=22cf76d8-ac1d-4e8c-a645-ddf02c4a5363&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=357c8023-d06f-43c6-af75-ff9276fa6312&tr=43&tt=17200236682775915&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6108e17e-e70c-47ee-93a9-dff9a3c5dc87&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=272b312b-8cbb-4ed4-bd82-1f2dd3cf8d11&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=02fdafa7-0cbf-4d21-9e7c-2644b1b8a69d&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01817154-5258-48a3-85c0-e83f589a219b&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=644afada-5df7-4de5-b444-b1d3402ba380&tr=43&tt=17200237221481014&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6e72782c-04f9-4b3f-b04c-e2bcfd8dec88&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=40aa23c2-5df2-4df3-a659-4fa85cdec74a&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8c864d9a-ab98-41ba-aa3b-cc8bfbb46040&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=fc3fa390-dd57-497e-a9ea-94acf3fd13aa&tr=43&tt=17200237287764896&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=28c02dc8-fc10-46f4-9892-4dca60ee91e7&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=31d30483-1276-494b-8626-3e162b57285f&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=dbb4b35f-5f78-4ab4-bdd1-d6b922caff40&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=23953f87-3c94-4d9a-b977-4822589fc3f4&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9d6606e1-8f57-49c5-9ab0-2ca887e76ed8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e3c1bb87-134a-4b79-9350-4fcf40025dd1&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5284cc2c-6255-40ac-a5e3-fbd09bfcbf48&tr=41&tt=17200237441191360&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c089a5f6-aacc-464d-ba59-69fd86253ba9&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=be598775-daec-44be-852d-698fb405c4ff&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e6094e12-9fa8-4d26-aa06-4e8fb7a4009c&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3da9111c-aaa7-4e08-ba06-01a1cd672c2b&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ad2ddba0-edbb-429e-9340-5807bd34a581&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=1408e3ed-857e-4623-a748-09006bf71303&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ca60d9f-75c2-4d80-a8a7-b05f671b9e42&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=04b28964-6ef0-4a42-97e9-de0d1f8969f6&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=59ddd6fa-ec59-4c28-92e6-b21af451dd77&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=24efe0cb-37e4-4030-8040-96cc03619cbf&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=712442ef-230d-4277-b641-1839d4d8d808&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9adb2664-b18c-43f3-856f-5709e73f6369&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f70c64fb-bd8c-4b68-8d78-3a86a80f0fd6&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=139b731a-b591-4698-bfee-48cc028559cd&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=800f1992-a163-4e95-be3a-8d7dd58c0f05&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01dd44b0-5151-4864-a34b-b47d9fe01029&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=eacad4ff-a252-4743-af8e-8338583503dc&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=49462288-5478-4372-9693-b47681abf7af&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8ba7937-4d26-44cf-99ef-80b433702404&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e8b5af52-42a9-47e1-bdc7-0d69fb53c145&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8a35289a-c57c-4499-bfaf-3530f6d376e0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c2080080-bc76-4491-ab59-0a0eabfe07a8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f6a6f9e-92dd-416b-bb7d-5bf345e8ea10&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b4930227-1a65-4e53-bbd5-48fb14f079bb&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=580032ce-f9f4-4e21-acd4-6e1ccc580200&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d20451e7-16e9-46dc-ae34-697bd2a310ef&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7232c231-fbd8-40c5-9fd4-a6b3ac2c95bc&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6d71671f-ff3a-4b21-bbc6-dec364cbbb66&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ccd8b767-ce84-425a-a6fc-e1d295ece179&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=12b69830-20e9-4eb2-bbe8-e1a13e0b11f8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: Joe Sandbox ViewIP Address: 35.157.63.229 35.157.63.229
                              Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=49462288-5478-4372-9693-b47681abf7af&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1Host: ps.pndsn.com
Source: global traffic | HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8ba7937-4d26-44cf-99ef-80b433702404&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1 | Cache-Control: no-cache | Pragma: no-cache | Content-Type: application/json | Host: ps.pndsn.com
Source: global traffic | HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e8b5af52-42a9-47e1-bdc7-0d69fb53c145&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1 | Host: ps.pndsn.com
Source: global traffic | HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8a35289a-c57c-4499-bfaf-3530f6d376e0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1 | Host: ps.pndsn.com
Source: global traffic | HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c2080080-bc76-4491-ab59-0a0eabfe07a8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1 | Cache-Control: no-cache | Pragma: no-cache | Content-Type: application/json | Host: ps.pndsn.com
Source: global traffic | HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f6a6f9e-92dd-416b-bb7d-5bf345e8ea10&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1 | Host: ps.pndsn.com
Source: global traffic | HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b4930227-1a65-4e53-bbd5-48fb14f079bb&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1 | Cache-Control: no-cache | Pragma: no-cache | Content-Type: application/json | Host: ps.pndsn.com
Source: global traffic | HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=580032ce-f9f4-4e21-acd4-6e1ccc580200&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1 | Host: ps.pndsn.com
Source: global traffic | HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d20451e7-16e9-46dc-ae34-697bd2a310ef&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1 | Cache-Control: no-cache | Pragma: no-cache | Content-Type: application/json | Host: ps.pndsn.com
Source: global traffic | HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7232c231-fbd8-40c5-9fd4-a6b3ac2c95bc&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1 | Cache-Control: no-cache | Pragma: no-cache | Content-Type: application/json | Host: ps.pndsn.com
Source: global traffic | HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6d71671f-ff3a-4b21-bbc6-dec364cbbb66&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1 | Host: ps.pndsn.com
Source: global traffic | HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ccd8b767-ce84-425a-a6fc-e1d295ece179&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1 | Host: ps.pndsn.com
Source: global traffic | HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=12b69830-20e9-4eb2-bbe8-e1a13e0b11f8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1 | Cache-Control: no-cache | Pragma: no-cache | Content-Type: application/json | Host: ps.pndsn.com
Source: global traffic | DNS traffic detected: DNS query: agent-api.atera.com
Source: global traffic | DNS traffic detected: DNS query: ps.pndsn.com
Source: global traffic | DNS traffic detected: DNS query: ps.atera.com
Source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe.1.dr | String found in binary or memory: http://acontrol.atera.com/
                              Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C85000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780692000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808CD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004405000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.000001698012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0510F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429720F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE0064F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.000002388012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9077F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB653F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E437F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://agent-api.atera.com
                              Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C85000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808CD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004405000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.000001698012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0510F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429720F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE0064F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.000002388012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9077F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB653F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E437F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
                              Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2969217705.00000217FC602000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: F2E248BEDDBB2D85122423C41028BFD40.13.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1941466735.00000169F78AB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1941843551.0000024C1D987000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2484656312.00000242AF97D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2551673351.000001CE7F548000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D95000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D54000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB4A2000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB48C000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2722001142.000001CAA8F22000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2822736956.0000019DCEB66000.00000004.00000020.00020000.00000000.sdmp, 
AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC910000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC98A000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/$
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
                              Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 1A374813EDB1A6631387E414D3E732320.13.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                              Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2969217705.00000217FC602000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0540000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl_D
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlhttp://crl4.digicert.co
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, BA74182F76F15A9CF514DEF352303C950.13.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: Newtonsoft.Json.dll.13.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlL
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlU/-
Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D083D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlUQ
Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crll
Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl~
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/eSig
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                              Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                              Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedRootG4.crlLow
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 329B6147266C1E26CD774EA22B79EC2E0.13.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                              Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2969217705.00000217FC602000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl8
                              Source: AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlH
                              Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlN
                              Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlT
                              Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlh
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
                              Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/l
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                              Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl7
                              Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.12.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
                              Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en0w
                              Source: AgentPackageAgentInformation.exe, 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe
                              Source: Newtonsoft.Json.dll.13.drString found in binary or memory: http://james.newtonking.com/projects/json
                              Source: AgentPackageAgentInformation.exe, 0000001F.00000002.2722001142.000001CAA8F84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoft.co$
                              Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.c
                              Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com
                              Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/
                              Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A9440.12.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh
                              Source: 698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB0.12.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxL
                              Source: AteraAgent.exe, 0000000D.00000002.2961466558.00000217FAC24000.00000004.00000020.00020000.00000000.sdmp, C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F1410.13.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
                              Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/l
                              Source: AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2969217705.00000217FC602000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.drString found in binary or memory: http://ocsp.digicert.com0
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1941466735.00000169F78AB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1941843551.0000024C1D987000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2484656312.00000242AF97D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2551673351.000001CE7F548000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D95000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D54000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB4A2000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB48C000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2722001142.000001CAA8F22000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2822736956.0000019DCEB66000.00000004.00000020.00020000.00000000.sdmp, 
AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC910000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC98A000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.drString found in binary or memory: http://ocsp.digicert.com0A
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, Pubnub.dll.1.drString found in binary or memory: http://ocsp.digicert.com0C
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0K
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0N
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0O
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.drString found in binary or memory: http://ocsp.digicert.com0X
                              Source: AteraAgent.exe, 0000000D.00000002.2968059004.00000217FC22F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRS
                              Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
                              Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC107000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80
                              Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF
                              Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0540000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBBBE000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC107000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7Nfjgt
                              Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC107000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80Windows
                              Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comJ
                              Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0540000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crlIE
                              Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC107000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
                              Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
                              Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl)
                              Source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comm
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806B0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ps.pndsn.com
                              Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
                              Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                              Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
                              Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess0
                              Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.drString found in binary or memory: http://wixtoolset.org
                              Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.drString found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
                              Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.drString found in binary or memory: http://wixtoolset.org/news/
                              Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.drString found in binary or memory: http://wixtoolset.org/releases/
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D084B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1814741521.000001E1D087A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, 56f4b0.msi.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.drString found in binary or memory: http://www.digicert.com/CPS0
                              Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                              Source: AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.oh
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.P
                              Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.aterD
                              Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780692000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 
00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.drString found in binary or memory: https://agent-api.atera.com
                              Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.drString found in binary or memory: https://agent-api.atera.com/
                              Source: AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production
                              Source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.drString found in binary or memory: https://agent-api.atera.com/Production/Agent/
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/Acknowl
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/Age
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178008C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217803F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217808E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting)
                              Source: AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResult
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetComm
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217808E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands)
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806CE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780692000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback)
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages17-f825-4372-8327-c232f61880c4;
                              Source: rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event
                              Source: rundll32.exe, 00000004.00000002.1748246531.0000000004CA6000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004426000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event;
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D8F9000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.drString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
                              Source: System.ValueTuple.dll.1.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
                              Source: System.ValueTuple.dll.1.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
                              Source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.drString found in binary or memory: https://github.com/icsharpcode/SharpZipLib
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.1/AgentPackageAg
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178019D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780066000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.1/AgentPackageAgentIn
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.16/Agent.Package.Availability.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178022E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780066000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/36.7/AgentPackageAgentInformation
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscovery
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.z
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/36.7/AgentPackageAgentInformati
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.z
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.4/AgentPackageMarketplace.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/36.8/AgentPackageMonitoring.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscove
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/19.2/AgentPackageOsUpdates.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageProgramManagement/22.9/AgentPackageProgramManage
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageRuntimeInstaller/1.6/AgentPackageRuntimeInstalle
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/21.6/AgentPackageSTRemote.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/26.6/AgentPackageSystemTools.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/27.5/AgentPackageTicketing.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/26.8/AgentPackageUpgradeAgent.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentI
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.000002178022E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780066000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformation
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTaskScheduler/13.1/AgentPackageTaskScheduler.zip
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806B0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178008C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780998000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806CE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/presence/sub
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-H
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217806C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02cec
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a9
                              Source: AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSIFFB.tmp.1.dr String found in binary or memory: https://www.digicert.com/CPS0
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr String found in binary or memory: https://www.newtonsoft.com/json
                              Source: Newtonsoft.Json.dll.13.dr String found in binary or memory: https://www.newtonsoft.com/jsonschema
                              Source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

                              Spam, unwanted Advertisements and Ransom Demands

                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AlphaAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AlphaAgent
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\56f4ae.msi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF644.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF924.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID78.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF9C.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF9D.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFFB.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1116.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\56f4b0.msi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI27EA.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF644.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF644.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF644.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF644.tmp-\CustomAction.config
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF924.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF924.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF924.tmp-\CustomAction.config
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSID78.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSID78.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSID78.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSID78.tmp-\CustomAction.config
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\InstallUtil.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1A374813EDB1A6631387E414D3E73232
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1A374813EDB1A6631387E414D3E73232
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\329B6147266C1E26CD774EA22B79EC2E
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\329B6147266C1E26CD774EA22B79EC2E
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI27EA.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI27EA.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI27EA.tmp-\CustomAction.config
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                              Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIF644.tmp
                              Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                              Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll 443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                              Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll 2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                              Source: 2cFFfHDG7D.msi Binary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs 2cFFfHDG7D.msi
                              Source: 2cFFfHDG7D.msi Binary or memory string: OriginalFilenameSfxCA.dll\ vs 2cFFfHDG7D.msi
                              Source: 2cFFfHDG7D.msi Binary or memory string: OriginalFilenamewixca.dll\ vs 2cFFfHDG7D.msi
                              Source: ICSharpCode.SharpZipLib.dll.1.dr, InflaterInputBuffer.cs Cryptographic APIs: 'TransformBlock'
                              Source: ICSharpCode.SharpZipLib.dll.1.dr, DeflaterOutputStream.cs Cryptographic APIs: 'TransformBlock'
                              Source: ICSharpCode.SharpZipLib.dll.1.dr, ZipAESTransform.cs Cryptographic APIs: 'TransformBlock'
                              Source: AteraAgent.exe.1.dr, SignatureValidator.csBase64 encoded string: 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YmxeR/2wifvwd/MQXb/5tsLsvlMs50tmraklX8MKsU1EgEpRZ+W0Ro1ZHoLhQG53oq9hPz9bmJge78yZr6l1QJWz6wCj+yQUxM5f0gt4fHEf2yA94Tklnds7JPr2vQRb5rjAnxnt7722oWFc1bxFFsIcIhOI/EHYCE0qSPE1pKMXALkHZYoDQEFUu3YgEc0Oo7ClJNFrB75g6tVZRqGKxVvYQBb9zKDxhBRnDkhZuB7D1gRaR9PNwCr7tVtPt40c+CCf5ktUkeu4JzaiEipWvKYgRvotqsFtZF5uFso2UmdvxO+lIw9i/GPDfgS4JhKu/Y9lCuaan+xEluhSK0vpQIDAQAB'
                              Source: classification engineClassification label: mal88.troj.spyw.evad.winMSI@52/91@12/3
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7204:120:WilError_03
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMutant created: NULL
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7864:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1360:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6572:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7404:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7188:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7884:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7120:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1820:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7476:120:WilError_03
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1868:120:WilError_03
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DFEB3FF44FCF811A1A.TMP
                              Source: C:\Windows\SysWOW64\rundll32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                              Source: C:\Windows\System32\sc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
                              Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF644.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699250 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                              Source: 2cFFfHDG7D.msiStatic file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
                              Source: 2cFFfHDG7D.msiReversingLabs: Detection: 23%
                              Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\2cFFfHDG7D.msi"
                              Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0F692C21F340271B8770E1FC6E93F18E
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF644.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699250 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF924.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699937 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSID78.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5705093 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 185C737B37B128F567DAE967E866CAE9 E Global\MSI0000
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="omar.zetawi@polaris-tek.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000HarDhIAJ" /AgentId="7d7ca517-f825-4372-8327-c232f61880c4"
                              Source: unknownProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI27EA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5711890 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "3205572e-b701-411c-935a-8eefcd863daa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "e84a63c2-b176-4565-84a8-bf664a770baa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "64e30cd7-7773-4e23-a998-f6edaea887a9" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "f7c52d87-a697-402f-9ddb-f4bd7930a959" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "34fed5af-6ccf-418e-89e6-f319c0139431" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "16f383b9-4be1-4380-b33c-f4b37a96755f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: wkscli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: samcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: samcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: dsrole.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: wkscli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: logoncli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: riched20.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: usp10.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msls31.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptnet.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: webio.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: propsys.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: edputil.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.staterepositoryps.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wintypes.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: appresolver.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: bcp47langs.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: slc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sppc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecorecommonproxystub.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptnet.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: webio.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File written: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: 2cFFfHDG7D.msi Static file information: File size 2994176 > 1048576
                              Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC14E000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmp
                              Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.13.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1939963150.0000024C1D90A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.1.dr
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.1.dr
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000C.00000002.1814443901.000001E1D0672000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.1.dr
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000C.00000002.1814443901.000001E1D0672000.00000002.00000001.01000000.00000011.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, Pubnub.dll.1.dr
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, 56f4b0.msi.1.dr, MSID78.tmp.1.dr, MSI27EA.tmp.1.dr, MSIF924.tmp.1.dr, MSIF644.tmp.1.dr
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: 2cFFfHDG7D.msi, 56f4ae.msi.1.dr, MSIF9C.tmp.1.dr, 56f4b0.msi.1.dr, MSIFFB.tmp.1.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
                              Source: Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.1.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2965349590.00000217FBE22000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000015.00000002.1938695669.0000024C04F52000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
                              Source: Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.1.dr
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr
                              Source: BouncyCastle.Crypto.dll.1.dr Static PE information: 0xE49A52B3 [Sun Jul 15 06:22:43 2091 UTC]
                              Source: MSIF924.tmp.1.dr Static PE information: real checksum: 0x32353 should be: 0x88610
                              Source: MSID78.tmp.1.dr Static PE information: real checksum: 0x32353 should be: 0x88610
                              Source: MSIF644.tmp.1.dr Static PE information: real checksum: 0x32353 should be: 0x88610

                              Persistence and Installation Behavior

                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID78.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF644.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSID78.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI27EA.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF9D.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSID78.tmp-\Newtonsoft.Json.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI27EA.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF644.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1116.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFFB.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF924.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIF644.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF924.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI27EA.tmp-\System.Management.dllJump to dropped file
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\InstallUtil.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_USERS\.DEFAULT\Software\Classes
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key value created or modified: HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                              Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: C:\Windows\SysWOW64\rundll32.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                              Source: C:\Windows\System32\sc.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 1E1B6420000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 1E1CFE10000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 217FAE40000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 217FB4E0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 169F69D0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 169F70D0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 24C04990000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 24C1CFE0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 24296F40000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 242AF0E0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1CE004C0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1CE18520000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 238EA460000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 238EAC90000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1CA8FF10000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1CAA8650000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 19DB5D10000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 19DCE410000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 213E3AA0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 213FC250000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 3752
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 5933
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIF9D.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp-\Newtonsoft.Json.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1116.tmp
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFFB.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIF644.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIF924.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 7256 Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7624 Thread sleep time: -60000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7580 Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7780 Thread sleep count: 3752 > 30
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7780 Thread sleep count: 5933 > 30
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7976 Thread sleep time: -22136092888451448s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7976 Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8004 Thread sleep time: -150000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8036 Thread sleep time: -5534023222112862s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8000 Thread sleep time: -180000s >= -30000s
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 8068 Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7392 Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7344 Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7424 Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7452Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7712Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7604Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7944Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 8132Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7356Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7368Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3164Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6568Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6424Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1888Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6044Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3588Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\SysWOW64\rundll32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                              Source: C:\Windows\System32\sc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                              Source: C:\Windows\SysWOW64\rundll32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                              Source: C:\Windows\System32\sc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 30000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 90000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                              Source: AgentPackageAgentInformation.exe, 00000014.00000000.1915534412.00000169F6682000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
                              Source: AgentPackageAgentInformation.exe, 00000021.00000002.2822736956.0000019DCEB24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllhh0
                              Source: AteraAgent.exe, 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D04D0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2966329034.00000217FC0D5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2967800760.00000217FC18E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                              Source: AteraAgent.exe, 0000000C.00000002.1812869872.000001E1D0573000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWpaP
                              Source: AteraAgent.exe, 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eartbeat ServicevmicheartbeatH
                              Source: rundll32.exe, 00000004.00000003.1746683166.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1746860726.0000000002D35000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1747243890.0000000002D36000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1870935509.0000000002A1E000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1941466735.00000169F784A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2579606173.00000238EB44D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2722001142.000001CAA8F22000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: AgentPackageAgentInformation.exe, 00000015.00000002.1941843551.0000024C1D961000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllPP
                              Source: AgentPackageAgentInformation.exe, 00000018.00000002.2484656312.00000242AF947000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllUU
                              Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2550356997.000001CE18D0A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;;
                              Source: AgentPackageAgentInformation.exe, 00000023.00000002.2928905254.00000213FC970000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllpp
                              Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess token adjusted: Debug
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess token adjusted: Debug
                              Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: page read and write | page guard
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="omar.zetawi@polaris-tek.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000HarDhIAJ" /AgentId="7d7ca517-f825-4372-8327-c232f61880c4"
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                              Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "3205572e-b701-411c-935a-8eefcd863daa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "e84a63c2-b176-4565-84a8-bf664a770baa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "f7c52d87-a697-402f-9ddb-f4bd7930a959" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "34fed5af-6ccf-418e-89e6-f319c0139431" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "16f383b9-4be1-4380-b33c-f4b37a96755f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "c:\program files (x86)\atera networks\ateraagent\ateraagent.exe" /i /integratorlogin="omar.zetawi@polaris-tek.com" /companyid="1" /integratorloginui="" /companyidui="" /folderid="" /accountid="001q300000hardhiaj" /agentid="7d7ca517-f825-4372-8327-c232f61880c4"
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "3205572e-b701-411c-935a-8eefcd863daa" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000hardhiaj
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "e84a63c2-b176-4565-84a8-bf664a770baa" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000hardhiaj
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "64e30cd7-7773-4e23-a998-f6edaea887a9" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000hardhiaj
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000hardhiaj
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000hardhiaj
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "f7c52d87-a697-402f-9ddb-f4bd7930a959" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000hardhiaj
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "34fed5af-6ccf-418e-89e6-f319c0139431" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000hardhiaj
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "16f383b9-4be1-4380-b33c-f4b37a96755f" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000hardhiaj
                              Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

                              Remote Access Functionality

                              Source: Yara match; File source: 20.0.AgentPackageAgentInformation.exe.169f6680000.0.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 21.2.AgentPackageAgentInformation.exe.24c04f50000.1.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 12.0.AteraAgent.exe.1e1b60c0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0000001D.00000002.2574330320.00000238EA3F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001B.00000002.2553023308.000001CE7F7C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000021.00000002.2819989598.0000019DB6411000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000D.00000002.2962759137.00000217FADB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000015.00000002.1937873368.0000024C049B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000D.00000002.2961466558.00000217FABDC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001B.00000002.2551673351.000001CE7F469000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000018.00000002.2482169319.0000024296810000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001F.00000002.2720226579.000001CA90080000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.2576271251.00000238EA4DC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.2576271251.00000238EA499000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000C.00000002.1812098404.000001E1B7E99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.2576271251.00000238EA568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000C.00000002.1811465867.000001E1B62EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.2567708299.0000023880083000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000D.00000002.2950826484.00000217806CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000015.00000002.1937784076.0000024C04970000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000002.2908773950.00000213E399F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000021.00000002.2822736956.0000019DCEAD0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000015.00000002.1937873368.0000024C049B8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000002.2925775178.00000213E4251000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001F.00000002.2720357078.000001CA90697000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000D.00000002.2950826484.000002178006E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000D.00000002.2961466558.00000217FAC24000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000021.00000002.2819989598.0000019DB6457000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000021.00000002.2814840353.0000019DB5B61000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001B.00000002.2548929719.000001CE00567000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000014.00000002.1938735886.00000169F67ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.2576271251.00000238EA517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000D.00000002.2963636854.00000217FBC0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000014.00000002.1937782713.0000016980001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000C.00000002.1812098404.000001E1B7E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 6904, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 7200, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 7300, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AteraAgent.exe PID: 7548, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AteraAgent.exe PID: 7728, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 7932, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7264, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7284, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7848, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 4180, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 2076, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 6904, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7304, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 6128, type: MEMORYSTR
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DFEB3FF44FCF811A1A.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF6A8465F9B84E5905.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF1D087F7A3E9CA16A.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF976A0F2522BB20B3.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Config.Msi\56f4af.rbs, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DFB4214A4473B515E6.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSIF9C.tmp, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
Source: Yara match, File source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF6E3B0B399A62DDDC.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | OS Credential Dumping | 11 Peripheral Device Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 21 Windows Service | 21 Windows Service | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 11 Service Execution | Logon Script (Windows) | 11 Process Injection | 21 Obfuscated Files or Information | Security Account Manager | 24 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 211 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 122 Masquerading | DCSync | 141 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 141 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Rundll32 | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
[Behavior graph: ID 1467118, Sample: 2cFFfHDG7D.msi, Startdate: 03/07/2024, Architecture: WINDOWS, Score: 88]

Source | Detection | Scanner | Label | Link
2cFFfHDG7D.msi | 24% | ReversingLabs | Win32.Trojan.Atera |

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | 18% | ReversingLabs | Win32.Trojan.Atera |
C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSI1116.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI27EA.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSI27EA.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSI27EA.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSI27EA.tmp-\System.Management.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSID78.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSID78.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSID78.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSID78.tmp-\System.Management.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF644.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF644.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF644.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF644.tmp-\System.Management.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF924.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF924.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF924.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF924.tmp-\System.Management.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF9D.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIFFB.tmp | 0% | ReversingLabs | |
                              No Antivirus matches
                              No Antivirus matches
Source | Detection | Scanner | Label | Link
                              https://ps.pndsn.com/v2/presence/sub_key/sub-c0%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=49462288-5478-4372-9693-b47681abf7af&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              http://schemas.datacontract.org/2004/07/0%Avira URL Cloudsafe
                              http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v0%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01dd44b0-5151-4864-a34b-b47d9fe010290%Avira URL Cloudsafe
                              https://agent-api.atera.com/Production/Agent/Acknowl0%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e6094e12-9fa8-4d26-aa06-4e8fb7a4009c&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://github.com/icsharpcode/SharpZipLib0%Avira URL Cloudsafe
                              https://agent-api.atera.com0%Avira URL Cloudsafe
                              https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip0%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f6a6f9e-92dd-416b-bb7d-5bf345e8ea10&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://agent-api.atera.com/Production/Agent/AgentStarting0%Avira URL Cloudsafe
                              https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=712442ef-230d-4277-b641-1839d4d8d808&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://agent-api.atera.com/Production/Agent/GetCommands0%Avira URL Cloudsafe
                              http://www.w3.oh0%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ad2ddba0-edbb-429e-9340-5807bd34a581&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              http://schemas.datacontract.org/2004/07/System.ServiceProcess00%Avira URL Cloudsafe
                              https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=02fdafa7-0cbf-4d21-9e7c-2644b1b8a69d&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ccd8b767-ce84-425a-a6fc-e1d295ece179&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9adb2664-b18c-43f3-856f-5709e73f6369&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://agent-api.atera.com/0%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=22cf76d8-ac1d-4e8c-a645-ddf02c4a5363&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6108e17e-e70c-47ee-93a9-dff9a3c5dc870%Avira URL Cloudsafe
                              https://agent-api.atera.com/Production/Agent/GetRecurringPackages0%Avira URL Cloudsafe
                              https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zip0%Avira URL Cloudsafe
                              https://www.newtonsoft.com/jsonschema0%Avira URL Cloudsafe
                              https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/36.7/AgentPackageAgentInformati0%Avira URL Cloudsafe
                              https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.0%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6d71671f-ff3a-4b21-bbc6-dec364cbbb66&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=272b312b-8cbb-4ed4-bd82-1f2dd3cf8d110%Avira URL Cloudsafe
                              https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zip0%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e3c1bb87-134a-4b79-9350-4fcf40025dd1&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=24efe0cb-37e4-4030-8040-96cc03619cbf&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.z0%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=28c02dc8-fc10-46f4-9892-4dca60ee91e7&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f70c64fb-bd8c-4b68-8d78-3a86a80f0fd6&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/21.6/AgentPackageSTRemote.zip0%Avira URL Cloudsafe
                              https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/27.5/AgentPackageTicketing.zip0%Avira URL Cloudsafe
                              https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip0%Avira URL Cloudsafe
                              https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=800f1992-a163-4e95-be3a-8d7dd58c0f05&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ca60d9f-75c2-4d80-a8a7-b05f671b9e42&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip0%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=28c02dc8-fc10-46f4-9892-4dca60ee91e70%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ca60d9f-75c2-4d80-a8a7-b05f671b9e420%Avira URL Cloudsafe
                              https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/26.6/AgentPackageSystemTools.zip0%Avira URL Cloudsafe
                              https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca5170%Avira URL Cloudsafe
                              https://www.newtonsoft.com/json0%Avira URL Cloudsafe
                              https://agent-api.atera.com/Production/Agent/Age0%Avira URL Cloudsafe
                              https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3da9111c-aaa7-4e08-ba06-01a1cd672c2b&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4268a400-66a4-4a60-8ada-3d40a293c4000%Avira URL Cloudsafe
                              https://ps.pndsn.com/v2/subscribe/sub-c-a02cec0%Avira URL Cloudsafe
                              https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f70c64fb-bd8c-4b68-8d78-3a86a80f0fd60%Avira URL Cloudsafe
                              https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c2080080-bc76-4491-ab59-0a0eabfe07a8&uuid=7d7ca517-f825-4372-8327-c232f61880c40%Avira URL Cloudsafe
                              http://wixtoolset.org/news/0%Avira URL Cloudsafe
                              https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf0%Avira URL Cloudsafe
Name                            IP                Active    Malicious   Antivirus Detection   Reputation
ps.pndsn.com                    35.157.63.229     true      false                             unknown
bg.microsoft.map.fastly.net     199.232.214.172   true      false                             unknown
d25btwd9wax8gu.cloudfront.net   3.165.136.99      true      false                             unknown
fp2e7a.wpc.phicdn.net           192.229.221.95    true      false                             unknown
ps.atera.com                    unknown           unknown   false                             unknown
agent-api.atera.com             unknown           unknown   false                             unknown
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://acontrol.atera.com/AteraAgent.exe, 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe.1.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.atera.com/agentpackagesmac/AgentAteraAgent.exe, 0000000D.00000002.2950826484.0000021780934000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://agent-api.atera.com/Production/Agent/AgentStarting)AteraAgent.exe, 0000000D.00000002.2950826484.00000217808E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.pndsn.comAteraAgent.exe, 0000000D.00000002.2950826484.00000217806E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806B0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178008C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217806DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zipAteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namerundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscoveAteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://agent-api.atera.comrundll32.exe, 00000004.00000002.1748246531.0000000004C85000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780692000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217809A0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808CD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004405000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.000001698012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0510F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429720F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE0064F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.000002388012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9077F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.2819989598.0000019DB653F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E437F000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.pndsn.com/v2/presence/sub_key/sub-cAteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://schemas.datacontract.org/2004/07/AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://github.com/icsharpcode/SharpZipLibAteraAgent.exe, 0000000D.00000002.2968940245.00000217FC4B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01dd44b0-5151-4864-a34b-b47d9fe01029AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/vrundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://agent-api.atera.com/Production/Agent/AcknowlAteraAgent.exe, 0000000D.00000002.2950826484.000002178094C000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zipAteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://agent-api.atera.comrundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780692000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780001000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1937782713.0000016980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1938810865.0000024C0509F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2483470135.000002429719F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2548929719.000001CE005DF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.2567708299.00000238800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.2720357078.000001CA9070F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 
00000021.00000002.2819989598.0000019DB64CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.2925775178.00000213E430F000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://agent-api.atera.com/Production/Agent/AgentStartingAteraAgent.exe, 0000000D.00000002.2950826484.0000021780682000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780422000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.000002178008C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217803F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.w3.ohAteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://schemas.datacontract.org/2004/07/System.ServiceProcess0AteraAgent.exe, 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://agent-api.atera.com/Production/Agent/GetCommandsAteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://agent-api.atera.com/rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6108e17e-e70c-47ee-93a9-dff9a3c5dc87AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://agent-api.atera.com/Production/Agent/GetRecurringPackagesAteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zipAteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://www.newtonsoft.com/jsonschemaNewtonsoft.Json.dll.13.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/36.7/AgentPackageAgentInformatiAteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800D3000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=272b312b-8cbb-4ed4-bd82-1f2dd3cf8d11AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.AteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zipAteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.zAteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/21.6/AgentPackageSTRemote.zipAteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/27.5/AgentPackageTicketing.zipAteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zipAteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zipAteraAgent.exe, 0000000D.00000002.2950826484.00000217800C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217800E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=28c02dc8-fc10-46f4-9892-4dca60ee91e7AteraAgent.exe, 0000000D.00000002.2950826484.0000021780232000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ca60d9f-75c2-4d80-a8a7-b05f671b9e42AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/26.6/AgentPackageSystemTools.zipAteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2950826484.00000217801FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517AteraAgent.exe, 0000000D.00000002.2950826484.00000217802B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.pndsn.com/v2/subscribe/sub-c-a02cecAteraAgent.exe, 0000000D.00000002.2950826484.00000217806C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://www.newtonsoft.com/jsonrundll32.exe, 00000003.00000003.1693003449.00000000041C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.000000000495A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.000000000442C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://agent-api.atera.com/Production/Agent/AgeAteraAgent.exe, 0000000D.00000002.2950826484.00000217808ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f70c64fb-bd8c-4b68-8d78-3a86a80f0fd6AteraAgent.exe, 0000000D.00000002.2950826484.0000021780305000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4268a400-66a4-4a60-8ada-3d40a293c400AteraAgent.exe, 0000000D.00000002.2950826484.000002178008C000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://wixtoolset.org/news/rundll32.exe, 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbfSystem.ValueTuple.dll.1.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          IP | Domain | Country | ASN | ASN Name | Malicious
                                          35.157.63.227 | unknown | United States | 16509 | AMAZON-02US | false
                                          35.157.63.229 | ps.pndsn.com | United States | 16509 | AMAZON-02US | false
                                          3.165.136.99 | d25btwd9wax8gu.cloudfront.net | United States | 16509 | AMAZON-02US | false
                                          Joe Sandbox version:40.0.0 Tourmaline
                                          Analysis ID:1467118
                                          Start date and time:2024-07-03 18:19:52 +02:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 11m 2s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:37
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:2cFFfHDG7D.msi
                                          renamed because original name is a hash value
                                          Original Sample Name:af6d4ffcaf5d3dab814d16429cb76754.msi
                                          Detection:MAL
                                          Classification:mal88.troj.spyw.evad.winMSI@52/91@12/3
                                          EGA Information:Failed
                                          HCA Information:
                                          • Successful, ratio: 78%
                                          • Number of executed functions: 403
                                          • Number of non-executed functions: 2
                                          Cookbook Comments:
                                          • Found application associated with file extension: .msi
                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                          • Excluded IPs from analysis (whitelisted): 40.119.152.241, 173.222.108.243, 173.222.108.147, 192.229.221.95, 199.232.214.172, 93.184.221.240
                                          • Excluded domains from analysis (whitelisted): crl.edge.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, cacerts.digicert.com, agentsapi.trafficmanager.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, atera-agent-api-eu.westeurope.cloudapp.azure.com, ocsp.edge.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, crl3.digicert.com, crl4.digicert.com, wu-b-net.trafficmanager.net
                                          • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 2076 because it is empty
                                          • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 4180 because it is empty
                                          • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 6128 because it is empty
                                          • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 6904 because it is empty
                                          • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 7264 because it is empty
                                          • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 7284 because it is empty
                                          • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 7304 because it is empty
                                          • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 7848 because it is empty
                                          • Execution Graph export aborted for target AteraAgent.exe, PID 7548 because it is empty
                                          • Execution Graph export aborted for target AteraAgent.exe, PID 7728 because it is empty
                                          • Execution Graph export aborted for target rundll32.exe, PID 6904 because there are no executed function
                                          • Execution Graph export aborted for target rundll32.exe, PID 7200 because it is empty
                                          • Execution Graph export aborted for target rundll32.exe, PID 7300 because it is empty
                                          • Execution Graph export aborted for target rundll32.exe, PID 7932 because it is empty
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                          • VT rate limit hit for: 2cFFfHDG7D.msi
Time | Type | Description
12:20:50 | API Interceptor | 2x Sleep call for process: rundll32.exe modified
12:20:55 | API Interceptor | 1682238x Sleep call for process: AteraAgent.exe modified
12:21:09 | API Interceptor | 8x Sleep call for process: AgentPackageAgentInformation.exe modified
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):8813
                                                                                            Entropy (8bit):5.662063401882384
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:Hj7xz1ccbTOOeMeIu61W7r6IHfW7r6kAVv70HVotBVeZEmzmYpLAV777XpY92r:HnD2gipitiB2iv
                                                                                            MD5:F7A352D50982B924663C281E9D1ECDA8
                                                                                            SHA1:89A82B1235A7DD7A72073227AA19D7C8F08F6CF6
                                                                                            SHA-256:53B7956EEAC1C9912950F3C62E0A86802ABB90F2F144DE2D75675B16A6281A3C
                                                                                            SHA-512:FF70F59CCA4E97CFEB10935460A2F47C5DAAD3C71F9E1963FB8A222EE81D711F9B31028493C1A1598D1DEF2C9BF7B95F828AB0A638AB26A1FBBDC12C6BA488C1
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Config.Msi\56f4af.rbs, Author: Joe Security
                                                                                            Preview:...@IXOS.@.....@.b.X.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..2cFFfHDG7D.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....StopAteraServiceQuiet....KillAteraTaskQuiet....ProcessComponents..Updating component registration..&.{F7DFE9BA-9FAD-11DA-9578-00E08161165F}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{C8C868DC-3A5E-4180-A7BB-03D6282966CB}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{0EC8B23C-C723-41E1-9105-4B9C2CDAD47A}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F1B1B9D1-F1B0-420C-9D93-F04E9BD4795D}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{5F95F700-DCA4-4880-B2D2-891AE0D6E1A3}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F62C52BA-15C7-4C3D-AAB2-DE65004F9665}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{38F01010-E31

Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):753
                                                                                            Entropy (8bit):4.853078320826549
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:qLLYem7haYNem7hcomf3em7hUQLtygXnC9xkKxeCsx/Yem7haYNem7hcomf3em7B:qLUVhzVhM3VhdLtXXIxkKxeCsOVhzVhY
                                                                                            MD5:8298451E4DEE214334DD2E22B8996BDC
                                                                                            SHA1:BC429029CC6B42C59C417773EA5DF8AE54DBB971
                                                                                            SHA-256:6FBF5845A6738E2DC2AA67DD5F78DA2C8F8CB41D866BBBA10E5336787C731B25
                                                                                            SHA-512:CDA4FFD7D6C6DFF90521C6A67A3DBA27BF172CC87CEE2986AE46DCCD02F771D7E784DCAD8AEA0AD10DECF46A1C8AE1041C184206EC2796E54756E49B9217D7BA
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, Author: Joe Security
                                                                                            Preview:.Installing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..Installing service AteraAgent.....Service AteraAgent has been successfully installed...Creating EventLog source AteraAgent in log Application.....Committing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):7466
                                                                                            Entropy (8bit):5.1606801095705865
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
                                                                                            MD5:362CE475F5D1E84641BAD999C16727A0
                                                                                            SHA1:6B613C73ACB58D259C6379BD820CCA6F785CC812
                                                                                            SHA-256:1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
                                                                                            SHA-512:7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
                                                                                            Malicious:false
                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):145968
                                                                                            Entropy (8bit):5.874150428357998
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
                                                                                            MD5:477293F80461713D51A98A24023D45E8
                                                                                            SHA1:E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
                                                                                            SHA-256:A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                                                                                            SHA-512:23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 18%
                                                                                            Joe Sandbox View:
                                                                                            • Filename: 2503.msi, Detection: malicious
                                                                                            • Filename: AdobeAcrobat2.1.2.msi, Detection: malicious
                                                                                            • Filename: 440e4d.msi, Detection: malicious
                                                                                            • Filename: digitalform.msi, Detection: malicious
                                                                                            • Filename: Setupx64.msi, Detection: malicious
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1442
                                                                                            Entropy (8bit):5.076953226383825
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                            MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                            SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                            SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                            SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                            Malicious:true
                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):3318832
                                                                                            Entropy (8bit):6.534876879948643
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                            MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                            SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                            SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                            SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Joe Sandbox View:
                                                                                            • Filename: 2503.msi, Detection: malicious
                                                                                            • Filename: AdobeAcrobat2.1.2.msi, Detection: malicious
                                                                                            • Filename: 440e4d.msi, Detection: malicious
                                                                                            • Filename: digitalform.msi, Detection: malicious
                                                                                            • Filename: Setupx64.msi, Detection: malicious
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):215088
                                                                                            Entropy (8bit):6.030864151731967
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                            MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                            SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                            SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                            SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Joe Sandbox View:
                                                                                            • Filename: 2503.msi, Detection: malicious
                                                                                            • Filename: AdobeAcrobat2.1.2.msi, Detection: malicious
                                                                                            • Filename: 440e4d.msi, Detection: malicious
                                                                                            • Filename: digitalform.msi, Detection: malicious
                                                                                            • Filename: Setupx64.msi, Detection: malicious
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):710192
                                                                                            Entropy (8bit):5.96048066969898
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                            MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                            SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                            SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                            SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                            Category:dropped
                                                                                            Size (bytes):380877
                                                                                            Entropy (8bit):7.999357094329912
                                                                                            Encrypted:true
                                                                                            SSDEEP:6144:VQqF6VnV0xJn81+xJOeOZltEVPH9eoJKmQrhdZRzBPLfYxEt/fUtnlEIZoh63DSd:/F6VV0nC+xJO3ZlOV/RJKLrhpz1UxEhp
                                                                                            MD5:8844AD4567462D59CEB8FB25E9FAAFE1
                                                                                            SHA1:EE69E4F600AE46C28950F4ECD4C99AD17897F164
                                                                                            SHA-256:661800031D7F3CC0EE628150AED3D32772231B6CC0853DF96A8CA8D0F7C2F920
                                                                                            SHA-512:D6E0C176AACB7D35A6601C9BE322E5B1F5D697B1C6585F6B094431D4E957EF030D038FB6830A6A6458F478F77648BF01F00128405343369CB31CB980A7A79612
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):166960
                                                                                            Entropy (8bit):5.787000700091396
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:x2WU7LsQFNCxod3LfMtOgxMkRMPGCeKFUCsp7mGZtywis2rNxOEtt231KIC7wfOG:1yfMIC06hp7mmzl2ZoEtt28ICAcX5E9
                                                                                            MD5:47709084FF7F796AAE3D6430AB076793
                                                                                            SHA1:E6F01090BF0455B5BABDC98E113147A937C90C9C
                                                                                            SHA-256:F8C3D344F1A64816B8953D1575BFB476F9008797A9E6954BDB39095750F69616
                                                                                            SHA-512:8D8B34728013354E8BB30B9A6C899A2591FF3D69A5EDC0F960D8F7F7F8F109A36BDE1F9A79905DEDDABB85083D1B0D518D3D2F47C190219354DB1E9EF2202D07
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):546
                                                                                            Entropy (8bit):5.048902065665432
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:MMHdG3VSQg9LNFF7ap+5v5OXrRf/2//FicYo4xm:JdASPF7NhOXrRH2/d9r
                                                                                            MD5:158FB7D9323C6CE69D4FCE11486A40A1
                                                                                            SHA1:29AB26F5728F6BA6F0E5636BF47149BD9851F532
                                                                                            SHA-256:5E38EF232F42F9B0474F8CE937A478200F7A8926B90E45CB375FFDA339EC3C21
                                                                                            SHA-512:7EEFCC5E65AB4110655E71BC282587E88242C15292D9C670885F0DAAE30FA19A4B059390EB8E934607B8B14105E3E25D7C5C1B926B6F93BDD40CBD284AAA3CEB
                                                                                            Malicious:true
                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>...<supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):12
                                                                                            Entropy (8bit):3.584962500721156
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:WhWy:Wz
                                                                                            MD5:979F2117D3C6FA45764F95478460326D
                                                                                            SHA1:1A92E45313A57F93FEB6975409467C516EF1EEA7
                                                                                            SHA-256:AF2A2E305B26A046D7876B8ACFA9FC0EB633D03F2F1D2237CBE6088E7FF7E15E
                                                                                            SHA-512:F29EE1C531FA89125B94A519F4C7D1243C95C9006E4B722BB134A1C4270708B250FD6988BE52358280FA097AEA5BFC973B0424D09FEE8AEAE48275D3341A6F1D
                                                                                            Malicious:false
                                                                                            Preview:version=36.7
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):96816
                                                                                            Entropy (8bit):6.180663524011645
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:bJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvC7Hxww:bQUm2H5KTfOLgxFJjE50vksVUfPvCB
                                                                                            MD5:4D69AE8A42E6577448B14AFB6417031D
                                                                                            SHA1:CF92A236E33CCFD6007D58C1D60F3CDCA5C4DF02
                                                                                            SHA-256:4041DDD297A1F41B7449227321C51A0E0F013CDD87BB783196233B9CED772E9E
                                                                                            SHA-512:9AEEFA1DF5C34B7C7DE0347623A8219EA29D85D61EA56738C569D6416CC7B130CA14C363832E9EA64508CB35C5CD5A0D5F6AB698E671721CE5D44EA405B0F795
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):704560
                                                                                            Entropy (8bit):5.954042737600605
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3c:U8m657w6ZBLmkitKqBCjC0PDgM5s
                                                                                            MD5:3953CD33C8B3320F544868CE26EAC77E
                                                                                            SHA1:92EF75C2BCF7EEC34C20176C62F9CDF8553A7B84
                                                                                            SHA-256:CA1E1C297CCC9315A91A8C5A81F772F5A743235972D987ACBAFCF08852C160F5
                                                                                            SHA-512:AA11957E9C8F46E8C89BE01454219BD174CA05DA34669B17E613981A16ACF4C5A53C988DE155C74065396D9916922752E28635A032FCD8C5402BF7BC06D378B7
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):602672
                                                                                            Entropy (8bit):6.145404526272746
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                            MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                            SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                            SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                            SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):73264
                                                                                            Entropy (8bit):5.954475034553661
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                            MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                            SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                            SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                            SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:ASCII text, with CRLF, LF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):218
                                                                                            Entropy (8bit):5.20209467293455
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:ALt/T89w3pKFSQmbNGQY9cTH5tRE7x1DX:CMSQjcFtkx9X
                                                                                            MD5:F95EE0DB2BEE561E0DB52E0BDAA4DBC1
                                                                                            SHA1:4D8E811EC0B3F2A60B08838BB92A3B42EAB8A92C
                                                                                            SHA-256:3F7E11407C5888A7187347D914CB381F4DC7EBBFAF1747A0B580E868AF054230
                                                                                            SHA-512:34B71F4DBC82788B8DE8DCBABC0A2C0C631BC20FCF72130981704C7E16C0D41222D3DBC15B10C4CB9D62C3414339A5ABAE430EC7126A7921408D70CCB168C071
                                                                                            Malicious:false
                                                                                            Preview:/i /IntegratorLogin=omar.zetawi@polaris-tek.com /CompanyId=1 /IntegratorLoginUI= /CompanyIdUI= /FolderId= /AccountId=001Q300000HarDhIAJ /AgentId=7d7ca517-f825-4372-8327-c232f61880c4.03/07/2024 12:20:57 Trace Starting..
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:CSV text
                                                                                            Category:dropped
                                                                                            Size (bytes):2402
                                                                                            Entropy (8bit):5.362731083469072
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:MxHKQg8mHDp684IHTQ06YHKGSI6oPtHTHhAHKKk+HKlT4v1qHGIs0HKaHKmTHlH7:iqzCIzQ06YqGSI6oPtzHeqKk+qZ4vwme
                                                                                            MD5:28B4BFE9130A35038BD57B2F89847BAE
                                                                                            SHA1:8DBF9D2800AB08CCA18B4BA00549513282B774A9
                                                                                            SHA-256:19F498CAE589207075B8C82D7DACEAE23997D61B93A971A4F049DC14C8A3D514
                                                                                            SHA-512:02100FD4059C4D32FBAAA9CEAACB14C50A4359E4217203B2F7A40E298AD819ED5469F2442291F12852527A2B7109CC5F7BFF7FDAD53BA5ABF75FC5F0474E984F
                                                                                            Malicious:false
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\a
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:CSV text
                                                                                            Category:dropped
                                                                                            Size (bytes):651
                                                                                            Entropy (8bit):5.343677015075984
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yiv:ML9E4KlKDE4KhKiKhPKIE4oKNzKoM
                                                                                            MD5:7EEF860682F76EC7D541A8C1A3494E3D
                                                                                            SHA1:58D759A845D2D961A5430E429EF777E60C48C87E
                                                                                            SHA-256:65E958955AC5DBB7D7AD573EB4BB36BFF4A1DC52DD16CF79A5F7A0FA347727F1
                                                                                            SHA-512:BF7767D55F624B8404240953A726AA616D0CE60EC1B3027710B919D6838EFF7281A79B49B22AB8B065D8CA921EF4D09017A0991CB4A21DAF09B3B43E6698CB04
                                                                                            Malicious:false
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                            Category:dropped
                                                                                            Size (bytes):2994176
                                                                                            Entropy (8bit):7.878670109152467
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:Y+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:Y+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                            MD5:AF6D4FFCAF5D3DAB814D16429CB76754
                                                                                            SHA1:04224AB9DA82D078D5B9E48589C56E9BDE707FCF
                                                                                            SHA-256:55AF6A90AC8863F27B3FCAA416A0F1E4FF02FB42AA46A7274C6B76AA000AACC2
                                                                                            SHA-512:2D5CCDC482852A48597AB3C4FDF150CF4552C3BFAF0B3EC8779745E7C5EF7496BD9A8CC87E9DF8AF89762DFC4586BE6797211983FB2B08E16B5C403C7600A171
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):216496
                                                                                            Entropy (8bit):6.646208142644182
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                            MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                            SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                            SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                            SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                            Category:modified
                                                                                            Size (bytes):521954
                                                                                            Entropy (8bit):7.356225107100806
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):25600
                                                                                            Entropy (8bit):5.009968638752024
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI27EA.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1538
                                                                                            Entropy (8bit):4.735670966653348
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):184240
                                                                                            Entropy (8bit):5.876033362692288
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):711952
                                                                                            Entropy (8bit):5.96669864901384
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):61448
                                                                                            Entropy (8bit):6.332072334718381
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                            Category:dropped
                                                                                            Size (bytes):521954
                                                                                            Entropy (8bit):7.356225107100806
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):25600
                                                                                            Entropy (8bit):5.009968638752024
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSID78.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1538
                                                                                            Entropy (8bit):4.735670966653348
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):184240
                                                                                            Entropy (8bit):5.876033362692288
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):711952
                                                                                            Entropy (8bit):5.96669864901384
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):61448
                                                                                            Entropy (8bit):6.332072334718381
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                            Category:dropped
                                                                                            Size (bytes):521954
                                                                                            Entropy (8bit):7.356225107100806
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):25600
                                                                                            Entropy (8bit):5.009968638752024
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIF644.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1538
                                                                                            Entropy (8bit):4.735670966653348
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):184240
                                                                                            Entropy (8bit):5.876033362692288
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):711952
                                                                                            Entropy (8bit):5.96669864901384
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):61448
                                                                                            Entropy (8bit):6.332072334718381
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                            Category:dropped
                                                                                            Size (bytes):521954
                                                                                            Entropy (8bit):7.356225107100806
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):25600
                                                                                            Entropy (8bit):5.009968638752024
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIF924.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1538
                                                                                            Entropy (8bit):4.735670966653348
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):184240
                                                                                            Entropy (8bit):5.876033362692288
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):711952
                                                                                            Entropy (8bit):5.96669864901384
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):61448
                                                                                            Entropy (8bit):6.332072334718381
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):437319
                                                                                            Entropy (8bit):6.648119033576934
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:Nt3jOZy2KsGU6a4Ksht3jOZy2KsGU6a4KsX:zzOE2Z34KGzOE2Z34Kg
                                                                                            MD5:206779220464ED9E23B35E7CE3A69CA4
                                                                                            SHA1:1FFFA66DB4AD570A1F0E3325B27BEBA6503BF0F6
                                                                                            SHA-256:57CD0A36BD051DD24C119F968EC7FBB369F53647CD3878E9E2E22E5E6BCD7BC1
                                                                                            SHA-512:0120A90550C7E7CBDAC51148649C281E48BEB2B2856A82ECCC2B3914EFEF797C3802F127B52B79F12B820967F4D383265A7A84FB54FE2E1522CB60A71F1CC17F
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIF9C.tmp, Author: Joe Security
                                                                                            Preview:...@IXOS.@.....@.b.X.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..2cFFfHDG7D.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........StopAteraServiceQuiet....J...StopAteraServiceQuiet.@A......M..MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[...................
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):216496
                                                                                            Entropy (8bit):6.646208142644182
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                            MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                            SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                            SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                            SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                            Category:dropped
                                                                                            Size (bytes):20480
                                                                                            Entropy (8bit):1.1643850790119985
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:JSbX72FjnliAGiLIlHVRpZh/7777777777777777777777777vDHFEn8Shit/l0G:JeQI5tinSiF
                                                                                            MD5:0BC89FDFC73513D75E2AF58AF6958503
                                                                                            SHA1:C55323CE3D5D7D4BD881FBA9B6A0D69B783F17AF
                                                                                            SHA-256:2203ECB8E4CF1C3BAB2E9C359294762D0D07BA985F58DCAB2757FF527475CBF3
                                                                                            SHA-512:927C1207BD7192A55E7180C7107F548765A25F1206B94C7BCC3FC2D0C1A2C4F4A94B9A7AB5E3C074469CDF4AE962753A043AFC89331F290A570CDF643124769F
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                            Category:dropped
                                                                                            Size (bytes):20480
                                                                                            Entropy (8bit):1.5613760373599046
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:E8PhluRc06WXJ0FT5eyydUCqISoedGPdGfozrCStedGPdGRub1n:bhl13FTAu3I0ox
                                                                                            MD5:9BB5C44B0AAC561A51ABAFBB635D3EE9
                                                                                            SHA1:AFC0AEC050E887B13874505EA03ABCAB099491F7
                                                                                            SHA-256:D0229AF7BF5912057715224D85896959BDF9C4CF65DA6A522E6E071B9E82EDC8
                                                                                            SHA-512:73A79472A63C52908CC33F21AE145B8BEE55FF4E0DE1F06C1A6315026B9A86B9FF651ADE81F57185CE477229AEFCA903AD64F4195AB69B4E731185C653520703
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\inprogressinstallinfo.ipi, Author: Joe Security
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):432221
                                                                                            Entropy (8bit):5.375163660293222
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauC:zTtbmkExhMJCIpEr/
                                                                                            MD5:D3EC72A13534DDFC8C01DA68D8E67540
                                                                                            SHA1:605073CFF18F3F8D4FC1FC459807C6D437F81EF6
                                                                                            SHA-256:6AD22E1471F465FAF02A9D1B445E875F88C602E47735FD1F0E360B58E1C6A4CD
                                                                                            SHA-512:B59C4F7050A4F72A378F5171740D936B246FB0473636F2650C9197B922E2FB292373068CC09D4D8C36CAF784C65B99BDD1D9E374A5E2589BC91528CBCBBB68F3
                                                                                            Malicious:false
                                                                                            Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):704
                                                                                            Entropy (8bit):4.805280550692434
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:tIDRFK4mAX7RBem7hccD+PRem7hUhiiGNGNdg6MhgRBem7hccD+PRem7hUGNGNkm:Us43XVBVhcmMRVhMipNVeBVhcmMRVhro
                                                                                            MD5:EF51E16A5B81AB912F2478FE0A0379D6
                                                                                            SHA1:B0F9E2EE284DD1590EA31B2D3AD736D77B9FC6A7
                                                                                            SHA-256:2C5D5397CEDF66DB724FED7FB4515B026A894F517A0DFBE8AE8ADF52DB61AA22
                                                                                            SHA-512:296A11DB55BFEE7D87897BB63BC9E2C05786D3FD73A894DA5AF76F7A756495C6CCC0959C88844DFB5560DE2374A257201D960E004EC09D8C9DFB50952C5EF2D2
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\System32\InstallUtil.InstallLog, Author: Joe Security
                                                                                            Preview:...Running a transacted installation.....Beginning the Install phase of the installation...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Install phase completed successfully, and the Commit phase is beginning...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Commit phase completed successfully.....The transacted install has completed...
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):94860
                                                                                            Entropy (8bit):6.438301430688042
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:HbDSCM42Iq/PkFPZ3t0zfIagnbSLDII+D61J:H3S742fXwZ3+gbE8pD61J
                                                                                            MD5:CFEF40CE747B5CA4AF203FE0D89460B1
                                                                                            SHA1:3796130C8DE4300614CECE31E93152E3F56A104B
                                                                                            SHA-256:AB277CB5CFE00CD64480CA4AA6551941E68B74E06B476E29EBE0C6439EFB3831
                                                                                            SHA-512:E1F3E57231AA5E975FE6941277340DFFEA8FE1CF6FBCAC976DC43C6F3D41194F283914F851650E4A15D136A1841191A5DE47285E4DCE5B407FF1ED57AF11BBE0
                                                                                            Malicious:false
                                                                                            Preview:0..r.0..pn...0...*.H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240703121133Z..240710121133Z0..o.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...*B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!... .}...|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):471
                                                                                            Entropy (8bit):7.212604137336142
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:JyYOTt5GLsH3QT5VFGrJ0d6TLhx099UlJfY:JROTtILsXQTq0sNlJfY
                                                                                            MD5:64E9B719F91EE5EC4C9A4D46DBC301D3
                                                                                            SHA1:4CB977130B456E3B3D640EAAF19FB5846F0BC934
                                                                                            SHA-256:305E299B7514419E3115EE39208D123934FAD018BA7B8AF7D9DBDB23E55F41F1
                                                                                            SHA-512:1990BECC463C81459E0A199F8BE538B2DE511D3595BD3E02FDA17C9E96BAFACE44B2A07486515185C4FFFBC78A99475B9989970D82CC1E6E6059757F7BA9BB0F
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):727
                                                                                            Entropy (8bit):7.553437302262235
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:5o6Tq92CfSt5h44TUqoH2ZTh4RiHqueidqPmbsvnDkHTJXwUDW106MudNB0LsS1N:5yStoqLbIW4iD1HTZwIW+6dl0vyq
                                                                                            MD5:872F3A8CE6F9A333F44E8734F61CFA01
                                                                                            SHA1:06B62239017B5E1E2C2C1A527F4DF09EFABCD8DF
                                                                                            SHA-256:8C3909F6745D5BDBD3EC9A7F9BAB5B6F8A998C7EF47D8B96BB7DEDD1DF73CA5F
                                                                                            SHA-512:DDEF283AE78DA2232EF72DFF745E1C23793050654D1A6C0B56CA5A02401EC39A68FED0EC1BB21E41F7A296628313324E948735CD37F0799820C48AFCBC59CC3B
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):737
                                                                                            Entropy (8bit):7.570489873749807
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:yeRLaWQMnFQlRDGFfBgj7OInRTM8DXejhU0CNRKK58o1Jflcs:y2GWnSStsRTM8DXSewKd1Jflcs
                                                                                            MD5:94E0CE8BA3CD07E51405B559D4DEAB81
                                                                                            SHA1:E019A56D3AE9DA446402AE1A0BDF8F9B8C1C87DF
                                                                                            SHA-256:A37FE58BE198E2E87B378FE1325FB13944FF9CBE80CFBA92C2CC3F61FECA5F24
                                                                                            SHA-512:47931C96C079221BB85AE3EC29A726C880E393B14E762DF268BB15B4AACEA5C901D1F35672CB1AE974A46636552FFE4AAB88A29E9F2D9EEF2C84026841EB28D8
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:Certificate, Version=3
                                                                                            Category:dropped
                                                                                            Size (bytes):1716
                                                                                            Entropy (8bit):7.596259519827648
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                            MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                            SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                            SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                            SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):727
                                                                                            Entropy (8bit):7.627671835133159
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:5onfZfc5RlRtBfQdb5/sH5ftEuMip9MxO3ngKhQoBLbxy2q9r3Rtmsgkx3:5ipcdZWb5/wtEudrXGwy5F3Rssgkx3
                                                                                            MD5:9093557AF82822C4D8BE88D36ADE0CCD
                                                                                            SHA1:1C744E36086EEDC8A44C6D8935E05AF08B5A9072
                                                                                            SHA-256:854BECA7C05496F3289740D8F02F4E399FCD3217026098EF888BEE4F9C5CDB38
                                                                                            SHA-512:4F943E5E5B8FF9DFA398838D2E1BD5070A47B4D1E49043139CB4CE20A7BCE2BAB131419712EECF00BA5ECB82318116EA62031FF947086B6756B48BBDB894DAE8
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:Certificate, Version=3
                                                                                            Category:dropped
                                                                                            Size (bytes):1428
                                                                                            Entropy (8bit):7.688784034406474
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                            MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                            SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                            SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                            SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):306
                                                                                            Entropy (8bit):3.238870903157391
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:kkFkl+SbkVXfllXlE/QsNiM5/lClNLD8WXdA31y+NW0y1YboOai2WelVJUTMVDXL:kK7Sk2MlFAUSW0P3PeXJUwh8lmi3Crp/
                                                                                            MD5:37428AE12E65379C9B46DCCF028AAE95
                                                                                            SHA1:A56FFEF825760407FBB9C1EACE790449C6F94094
                                                                                            SHA-256:5363D43CDBE8E163DE625A59F1E90E4B70973394B19B589F16CA3C394B33A8D8
                                                                                            SHA-512:1BB021BC50EE068A90CAAEA656DBCC5AC65AEE8DD0687C48AC202B34438BEEC44C33EF45F3373B1BA6A11FFE343FF456196491587D0DCCB1966EE6E975B4AD47
                                                                                            Malicious:false
                                                                                            Preview:p...... ........:...+%..(....................................................... ...........B... ..."............r..h.t.t.p.:././.c.r.l.3...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.l...".6.6.8.5.4.0.d.2.-.1.7.2.8.c."...
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):306
                                                                                            Entropy (8bit):3.2283503771806794
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:kKRA/uMlNOAUSW0P3PeXJUwh8lmi3Crp/:yXlAxSW0P3PeXJUZWx
                                                                                            MD5:8A4B6DBA825A2557EB8DB5B13BF7DC49
                                                                                            SHA1:388CC0F0598EE368832786EB5FE173A3C8308129
                                                                                            SHA-256:6D384DCEC9776DED9E6F263BCA25AFD375270E9DC8994DB577B727B56A77C000
                                                                                            SHA-512:85E5B2E7D5DC05495DF200B0CF3B534836B3312330F20EF0C02B17BCF62BA07D371F5368E4AF82EDAB4AEC6C0695FEEE9879821743B5BFEE986E96E667FB4BD4
                                                                                            Malicious:false
                                                                                            Preview:p...... ..........L..2..(....................................................... ...........B... ..."............r..h.t.t.p.:././.c.r.l.4...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.l...".6.6.8.5.4.0.d.2.-.1.7.2.8.c."...
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):338
                                                                                            Entropy (8bit):3.4620383296566426
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:kK0K8AN/EJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:MKtXkPlE99SCQl2DUevat
                                                                                            MD5:38FCEE56753985E79EC479FE70A0687F
                                                                                            SHA1:06669BF973F8CAD356DAE9B7569A33C27A6C58A4
                                                                                            SHA-256:F5FB2AA6CB301309C6F16F3A81942020FF18386C81BBBF8460EE01C8EB3645FF
                                                                                            SHA-512:B2B0E4E7087C882624B6099A6E4EEF22F5688D5D97710ECF927030381AFA5C0B1BB33F32AF484A8C4626E4E87851E81326ADE11059511BE4749512EABCDD017A
                                                                                            Malicious:false
                                                                                            Preview:p...... ........._.6.5..(...................................................... .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):400
                                                                                            Entropy (8bit):3.9917352505941777
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:kKPEEl5uU1ij8ipXlRNfOAUMivhClroFzCJCgO3lwuqDnlyQ4hY5isIlQhZgJn:W86vmxMiv8sFzD3quqDkPh8Y2ZM
                                                                                            MD5:7DF907A66319163BF21ED68D9EF6BE07
                                                                                            SHA1:0A0BE082E601DBB30E1D943F8738DD065EC8C191
                                                                                            SHA-256:2C617E0B1669EC9CA592694921BDD9DA765D8A70E100EDF1364066BC789375E8
                                                                                            SHA-512:DAA708C2E0729E73A257945CE796A22DCD2F53B85784EBDC205F8E2838F8BEA3044AACCFAD5B3F104F0D25D56474B03C0D3159DA6E053F086CFE4FCF54D84868
                                                                                            Malicious:false
                                                                                            Preview:p...... ........8..e...(................*.......j.D!....................j.D!... .........<.c... ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.3.x.L.4.L.Q.L.X.D.R.D.M.9.P.6.6.5.T.W.4.4.2.v.r.s.U.Q.Q.U.R.e.u.i.r.%.2.F.S.S.y.4.I.x.L.V.G.L.p.6.c.h.n.f.N.t.y.A.8.C.E.A.6.b.G.I.7.5.0.C.3.n.7.9.t.Q.4.g.h.A.G.F.o.%.3.D...
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:modified
                                                                                            Size (bytes):404
                                                                                            Entropy (8bit):3.54773408092316
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:kK3Pvp/lTbfOAUMivhClroFHXHDZA6liyZlSlMul0bg3PWovy28lhl+KscSikKY3:B/dmxMiv8sF3HtllJZIvOP205scn8
                                                                                            MD5:77B5A07112BC4B3F5C4186AC3492DC8B
                                                                                            SHA1:369C512BDEF91D83D381DF8F11CFBBF6B56BC59B
                                                                                            SHA-256:70E4D330591D2AA2899136F17D8CF8C9CEAB3CC5B521B3201025F8B6B8A4008A
                                                                                            SHA-512:3774B62961FC441BA01A43436C4A514953BE080C3B49A778ED917FB69AE3E478BCA0CBEC90AD9B088818FEFA7C7DEC784CC9B814F3853DFB7D1869430C5B39D8
                                                                                            Malicious:false
                                                                                            Preview:p...... .... ...Y..<nJ..(....................................................... .........P.V... ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.S.R.X.e.r.F.0.e.F.e.S.W.R.r.i.p.T.g.T.k.c.J.W.M.m.7.i.Q.Q.U.a.D.f.g.6.7.Y.7.%.2.B.F.8.R.h.v.v.%.2.B.Y.X.s.I.i.G.X.0.T.k.I.C.E.A.o.o.S.Z.l.4.5.Y.m.N.9.A.o.j.j.r.i.l.U.u.g.%.3.D...
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):248
                                                                                            Entropy (8bit):3.221977312337751
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:kkFklWmkfll0cykUll/+CtINRR8WXdA31y+NW0y1YbXKw+l1M7HlDpTMvWlll:kKQcyk8AFAUSW0PTKDXM0a
                                                                                            MD5:8BD32A5159D4E2466F8B5A6D012E9CAD
                                                                                            SHA1:F71399080194447B2EDFABD63632682DA45375A7
                                                                                            SHA-256:1E5DAB90E52536DE7AA25E7798554BB90DFBFDC85C497604ADAE748901DE8456
                                                                                            SHA-512:00E9BA20FE78AD2FCC1DAE93721FCDEFB48D91F0672737156E9245B21AC72071097C3E33122C46E561B3F4FD3B7392CD8FE7ED8C41D4F78FBF0D44781374ECF9
                                                                                            Malicious:false
                                                                                            Preview:p...... ....f.....T..C..(................................................D..9... ............... ...................h.t.t.p.:././.c.r.l.3...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.l...".6.6.8.4.6.d.d.e.-.2.e.1."...
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):308
                                                                                            Entropy (8bit):3.2103692687586523
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:kKuMnzNcalgRAOAUSW0P3PeXJUwh8lmi3Y:GtWOxSW0P3PeXJUZY
                                                                                            MD5:8A118AE38D9D7D64C4E26B32B934EADC
                                                                                            SHA1:29E73CF65CF0EAE654BDF2231BC9910F331FC3F3
                                                                                            SHA-256:4E154781752BCAAE0631B830105A728776C07BD91CAF18510E99C983E0410E95
                                                                                            SHA-512:189C10AE191063DC8F7DFA597327FC3D7FE9B2607629F024DD9B3E51ECD8C1E09C5D281BC9C4EF11099FC642C23A19F221908286141393FC8EAFF0E38D629EEA
                                                                                            Malicious:false
                                                                                            Preview:p...... ...........zg...(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):412
                                                                                            Entropy (8bit):3.53702251579051
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:kKCl/dyfOAUMivhClroFfJSUm2SQwItJqB3UgPSgakZdPolRMnOlAkrn:eymxMiv8sFBSfamB3rbFURMOlAkr
                                                                                            MD5:3ABA3CC1154DD413A81537F70A399963
                                                                                            SHA1:D9806BC9A7919D31BBFF729203BBA490CA20D22A
                                                                                            SHA-256:55DCCE21ADF30E0BE79C9EE636B6C466D5F045DE81100E40B223F1B6E38A36A7
                                                                                            SHA-512:00A9D0FC5EB84D42E9AD77143C07999667FF4AD26D31A166A3BCB89D78969ECF1143316027183D051D7B7FD477BAC08877399FBF8FBC255E5A18CF050959B441
                                                                                            Malicious:false
                                                                                            Preview:p...... ....(....l.Rh@..(....................................................... ...........^... ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):254
                                                                                            Entropy (8bit):3.0499268689312147
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:kKf/4LDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:P4LYS4tWOxSW0PAMsZp
                                                                                            MD5:70664A068ACB0AB2D48702F5E13B7339
                                                                                            SHA1:2B3ABE6CCD6F379151AA7D0C361BE8E5A3230592
                                                                                            SHA-256:4DFADAA683C1073F1BD9A5CDBE7DF7CA45F84463128F172ADEC887C12CA6FDDA
                                                                                            SHA-512:360AFA596B64B9E5D58A700B5985AB25E5F5964FE8B09BAED6747E1BED384D6AA31DFEFFCC2A4868FD174EAFB76ABB68B486ABC0FC345CAADEE2CF5CD77338D4
                                                                                            Malicious:false
                                                                                            Preview:p...... ....l...T}.g...(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                            File Type:CSV text
                                                                                            Category:dropped
                                                                                            Size (bytes):1944
                                                                                            Entropy (8bit):5.343420056309075
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:MxHKQg8mHDp684YHKGSI6oPtHTHhAHKKkhHNpaHKlT44HKmHKe60:iqzCYqGSI6oPtzHeqKkhtpaqZ44qmq10
                                                                                            MD5:437E4DCFC04CB727093C5232EA15F856
                                                                                            SHA1:81B949390201F3B70AE2375518A0FFD329310837
                                                                                            SHA-256:5EADB9774A50B6AD20D588FDA58F5A42B2E257A0AA26832B41F8EA008C1EB96B
                                                                                            SHA-512:0332C7E5205CF9221172473A841284487ACC111780A58557231FCDE72A5EDB7E7E3EF6C87AB9682A688BC24992A74027F930267B541039BD8757EEF4E2F51A0E
                                                                                            Malicious:false
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):32768
                                                                                            Entropy (8bit):0.0716168336156784
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOoQ8yO8IDTMtgVky6lit/:2F0i8n0itFzDHFEn8SMZit/
                                                                                            MD5:12E7C047F40483AC2669050AEFC09C37
                                                                                            SHA1:005DCAE4C4044DD55B79E1BE89FD796CA6B1F97D
                                                                                            SHA-256:91E9AAF2A72C036EC91AC8C067C0B90A747A5137B64BC49FA8E10AE6C124A15B
                                                                                            SHA-512:7ADE8D6DA6B5CD9F345CAFB2297ECFD1C96E5418369C9BC14AE47270C484828FE530EA95A59D9188AABDECDFED7CDB8D64E61EBE23FAB3EE847E0CCC8191626F
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                            Category:dropped
                                                                                            Size (bytes):32768
                                                                                            Entropy (8bit):1.2507852009408302
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:ZHJgduksPveFXJpT5eyydUCqISoedGPdGfozrCStedGPdGRub1n:8drRTAu3I0ox
                                                                                            MD5:4F669DD97E788549977EA37FBA0775E9
                                                                                            SHA1:199DAA28CCD4A81021963A3E2F783BA1C14DD79B
                                                                                            SHA-256:1C4CA091685C51B8A032FA015967C548059E6B512D95B8E5730127C6689F424C
                                                                                            SHA-512:AD87330983BDEB549B42EFE9404608E1809135F5E84C225AAF344B14F7731996A49A28AD1169CD5AAEA34A37213B918C9A6F2A52AB364F09357E71BF18F2321C
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF1D087F7A3E9CA16A.TMP, Author: Joe Security
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):512
                                                                                            Entropy (8bit):0.0
                                                                                            Encrypted:false
                                                                                            SSDEEP:3::
                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                            Category:dropped
                                                                                            Size (bytes):32768
                                                                                            Entropy (8bit):1.2507852009408302
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:ZHJgduksPveFXJpT5eyydUCqISoedGPdGfozrCStedGPdGRub1n:8drRTAu3I0ox
                                                                                            MD5:4F669DD97E788549977EA37FBA0775E9
                                                                                            SHA1:199DAA28CCD4A81021963A3E2F783BA1C14DD79B
                                                                                            SHA-256:1C4CA091685C51B8A032FA015967C548059E6B512D95B8E5730127C6689F424C
                                                                                            SHA-512:AD87330983BDEB549B42EFE9404608E1809135F5E84C225AAF344B14F7731996A49A28AD1169CD5AAEA34A37213B918C9A6F2A52AB364F09357E71BF18F2321C
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF6A8465F9B84E5905.TMP, Author: Joe Security
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                            Category:dropped
                                                                                            Size (bytes):20480
                                                                                            Entropy (8bit):1.5613760373599046
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:E8PhluRc06WXJ0FT5eyydUCqISoedGPdGfozrCStedGPdGRub1n:bhl13FTAu3I0ox
                                                                                            MD5:9BB5C44B0AAC561A51ABAFBB635D3EE9
                                                                                            SHA1:AFC0AEC050E887B13874505EA03ABCAB099491F7
                                                                                            SHA-256:D0229AF7BF5912057715224D85896959BDF9C4CF65DA6A522E6E071B9E82EDC8
                                                                                            SHA-512:73A79472A63C52908CC33F21AE145B8BEE55FF4E0DE1F06C1A6315026B9A86B9FF651ADE81F57185CE477229AEFCA903AD64F4195AB69B4E731185C653520703
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF6E3B0B399A62DDDC.TMP, Author: Joe Security
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                            Category:dropped
                                                                                            Size (bytes):20480
                                                                                            Entropy (8bit):1.5613760373599046
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:E8PhluRc06WXJ0FT5eyydUCqISoedGPdGfozrCStedGPdGRub1n:bhl13FTAu3I0ox
                                                                                            MD5:9BB5C44B0AAC561A51ABAFBB635D3EE9
                                                                                            SHA1:AFC0AEC050E887B13874505EA03ABCAB099491F7
                                                                                            SHA-256:D0229AF7BF5912057715224D85896959BDF9C4CF65DA6A522E6E071B9E82EDC8
                                                                                            SHA-512:73A79472A63C52908CC33F21AE145B8BEE55FF4E0DE1F06C1A6315026B9A86B9FF651ADE81F57185CE477229AEFCA903AD64F4195AB69B4E731185C653520703
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF976A0F2522BB20B3.TMP, Author: Joe Security
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):512
                                                                                            Entropy (8bit):0.0
                                                                                            Encrypted:false
                                                                                            SSDEEP:3::
                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):512
                                                                                            Entropy (8bit):0.0
                                                                                            Encrypted:false
                                                                                            SSDEEP:3::
                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                            Category:dropped
                                                                                            Size (bytes):32768
                                                                                            Entropy (8bit):1.2507852009408302
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:ZHJgduksPveFXJpT5eyydUCqISoedGPdGfozrCStedGPdGRub1n:8drRTAu3I0ox
                                                                                            MD5:4F669DD97E788549977EA37FBA0775E9
                                                                                            SHA1:199DAA28CCD4A81021963A3E2F783BA1C14DD79B
                                                                                            SHA-256:1C4CA091685C51B8A032FA015967C548059E6B512D95B8E5730127C6689F424C
                                                                                            SHA-512:AD87330983BDEB549B42EFE9404608E1809135F5E84C225AAF344B14F7731996A49A28AD1169CD5AAEA34A37213B918C9A6F2A52AB364F09357E71BF18F2321C
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFB4214A4473B515E6.TMP, Author: Joe Security
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):512
                                                                                            Entropy (8bit):0.0
                                                                                            Encrypted:false
                                                                                            SSDEEP:3::
                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):69632
                                                                                            Entropy (8bit):0.14147213603090517
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:CnVubmStedGPdGeqISoedGPdGfozradUJz:icyLIgu
                                                                                            MD5:0E4E37D6F0B1861BF7823B21851B05C4
                                                                                            SHA1:3DA4AA1F90608BAD68E67DD116AD866CDC1439DF
                                                                                            SHA-256:65CEE01EDAF9871614386E9CBA12E289469378BB33B0BF71B68DD796CA5CB65B
                                                                                            SHA-512:207CCE81660BD433ADC40B7E2CF458BBA02770F662511EC560F0EA31E026DBFD0794234870B6D9D892F56977A1B03EDA30B7F9D517EC34A2023B7E73265868F9
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFEB3FF44FCF811A1A.TMP, Author: Joe Security
                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):512
                                                                                            Entropy (8bit):0.0
                                                                                            Encrypted:false
                                                                                            SSDEEP:3::
                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                            File Type:JSON data
                                                                                            Category:dropped
                                                                                            Size (bytes):459
                                                                                            Entropy (8bit):5.409975598638343
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:Y0rsShlOS0+3dYMV2xOipbpMdfh3rTPT4GcH:Y0rBBt1KpNMNhXPcGcH
                                                                                            MD5:9F20C43C3B40BA495FD64963B5F1B1E3
                                                                                            SHA1:7F285C8E6BF5BB142B0AF6E8B81CC855CED645AA
                                                                                            SHA-256:2AF85BE66F16F022527453F94770A0D86FD839AB5AC86D2B02845D14DC800960
                                                                                            SHA-512:0169DE342374A706CE8E872FFC83106FC31D3FF95263EF8567C873305EB73B6B6B1F42A8820F88CD9EBADC9E38D3DD8AB52EC7C8C33A7B777A70A6534221E6A4
                                                                                            Malicious:false
                                                                                            Preview:{"PackageName":"AgentPackageAgentInformation","ExecutableCommandArgs":["minimalIdentification"],"Data":{"AccountId":"001Q300000HarDhIAJ","UserLogin":"omar.zetawi@polaris-tek.com","MachineName":"035347","CustomerId":"1","FolderId":"","IsMinimalIdentification":true,"UniqueMachineIdentifier":"HZdg+vX9f0eg4XLaV7l/zIv75ScsIpQR1qHCXpg/bP8=","OsType":"Windows"},"CommandId":"16f383b9-4be1-4380-b33c-f4b37a96755f","AgentId":"7d7ca517-f825-4372-8327-c232f61880c4"}..
                                                                                            File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                            Entropy (8bit):7.878670109152467
                                                                                            TrID:
                                                                                            • Microsoft Windows Installer (60509/1) 57.88%
                                                                                            • ClickyMouse macro set (36024/1) 34.46%
                                                                                            • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                            File name:2cFFfHDG7D.msi
                                                                                            File size:2'994'176 bytes
                                                                                            MD5:af6d4ffcaf5d3dab814d16429cb76754
                                                                                            SHA1:04224ab9da82d078d5b9e48589c56e9bde707fcf
                                                                                            SHA256:55af6a90ac8863f27b3fcaa416a0f1e4ff02fb42aa46a7274c6b76aa000aacc2
                                                                                            SHA512:2d5ccdc482852a48597ab3c4fdf150cf4552c3bfaf0b3ec8779745e7c5ef7496bd9a8cc87e9df8af89762dfc4586be6797211983fb2b08e16b5c403c7600a171
                                                                                            SSDEEP:49152:Y+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:Y+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                            TLSH:EDD523117584483AE3BB0A358D7AD6A05E7DFE605B70CA8E9308741E2E705C1AB76F73
                                                                                            Icon Hash:2d2e3797b32b2b99
                                                                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                            Jul 3, 2024 18:21:05.896025896 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.896044970 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.896116972 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.896116972 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.896126986 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.896533012 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.897279024 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.897291899 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.897759914 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.897768021 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.897908926 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.898365021 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.898380995 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.898458004 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.898458004 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.898467064 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.898524046 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.902693987 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.902712107 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.902755976 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.902764082 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.902787924 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.902817965 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.909429073 CEST4434975435.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.909492016 CEST4434975435.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.910765886 CEST49754443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:05.911479950 CEST49754443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:05.953015089 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.953031063 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.953186989 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.953197956 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.953478098 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.986205101 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.986221075 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.986656904 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.986669064 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.987277985 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.987294912 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.987926960 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.987941027 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.987958908 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.987967968 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.987997055 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.988931894 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.988954067 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.989006996 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.989015102 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.989042044 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.989756107 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.989770889 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.990708113 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.990719080 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.990803003 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.990823030 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:05.990897894 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.990897894 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:05.990906954 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.001523972 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.001585960 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.001629114 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:06.001637936 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.001699924 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:06.015111923 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:06.095280886 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.095303059 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.095510006 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:06.095529079 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.095568895 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:06.095873117 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.095887899 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.095932007 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:06.095938921 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.095957994 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:06.095976114 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:06.096527100 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.096540928 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.096587896 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:06.096596003 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.096637011 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:06.097037077 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.097093105 CEST443497563.165.136.99192.168.2.4
                                                                                            Jul 3, 2024 18:21:06.097094059 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:06.097134113 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:06.098534107 CEST49756443192.168.2.43.165.136.99
                                                                                            Jul 3, 2024 18:21:08.368922949 CEST4434975535.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:08.368937016 CEST4434975535.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:08.369023085 CEST4434975535.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:08.369818926 CEST49755443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:08.369818926 CEST49755443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:08.376831055 CEST49762443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:08.376882076 CEST4434976235.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:08.376976967 CEST49762443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:08.377857924 CEST49763443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:08.377870083 CEST4434976335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:08.378118038 CEST49763443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:08.378118038 CEST49763443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:08.378134966 CEST4434976335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:08.378657103 CEST49762443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:08.378676891 CEST4434976235.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:09.290977955 CEST4434976335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:09.292578936 CEST49763443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:09.292608023 CEST4434976335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:09.325457096 CEST4434976235.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:09.327083111 CEST49762443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:09.327095032 CEST4434976235.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:09.512728930 CEST4434976235.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:09.512799978 CEST4434976235.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:09.512872934 CEST49762443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:09.513271093 CEST49762443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:53.376559973 CEST49767443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:53.376599073 CEST4434976735.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:53.376694918 CEST49767443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:53.378166914 CEST49767443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:53.378175974 CEST4434976735.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:54.288664103 CEST4434976735.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:54.291129112 CEST49767443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:54.291136980 CEST4434976735.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:54.475404978 CEST4434976735.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:54.475500107 CEST4434976735.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:54.475590944 CEST49767443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:54.477663994 CEST49767443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:54.479181051 CEST49768443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:54.479209900 CEST4434976835.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:54.479350090 CEST49768443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:54.479623079 CEST49768443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:54.479631901 CEST4434976835.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:55.432374954 CEST4434976835.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:55.437547922 CEST49768443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:55.437556982 CEST4434976835.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:55.677858114 CEST4434976835.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:55.677958965 CEST4434976835.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:21:55.678021908 CEST49768443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:21:55.684559107 CEST49768443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:02.242278099 CEST4434976335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:02.242306948 CEST4434976335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:02.242374897 CEST4434976335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:02.242471933 CEST49763443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:02.242517948 CEST49763443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:02.243602037 CEST49763443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:02.250381947 CEST49773443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:02.250402927 CEST4434977335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:02.250458956 CEST49773443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:02.251063108 CEST49774443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:02.251080036 CEST4434977435.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:02.251149893 CEST49774443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:02.251337051 CEST49774443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:02.251351118 CEST4434977435.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:02.252360106 CEST49773443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:02.252372026 CEST4434977335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:03.261666059 CEST4434977335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:03.263617039 CEST4434977435.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:03.308283091 CEST49773443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:03.308283091 CEST49774443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:03.320193052 CEST49773443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:03.320200920 CEST4434977335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:03.327630043 CEST49774443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:03.327636957 CEST4434977435.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:03.567173004 CEST4434977335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:03.620759964 CEST49773443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:03.620775938 CEST4434977335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:03.621346951 CEST49773443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:03.621476889 CEST4434977335.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:03.621537924 CEST49773443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:08.871891022 CEST4434977435.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:08.871932983 CEST4434977435.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:08.872020006 CEST49774443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:08.872039080 CEST4434977435.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:08.872453928 CEST49774443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:08.872503042 CEST4434977435.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:08.872595072 CEST49774443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:08.879570007 CEST49778443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:08.879609108 CEST4434977835.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:08.879663944 CEST49778443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:08.880424023 CEST49778443192.168.2.435.157.63.229
                                                                                            Jul 3, 2024 18:22:08.880434990 CEST4434977835.157.63.229192.168.2.4
                                                                                            Jul 3, 2024 18:22:28.851491928 CEST49813443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:28.851541996 CEST4434981335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:28.851598978 CEST49813443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:28.851972103 CEST49813443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:28.851985931 CEST4434981335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:28.884495020 CEST4434980935.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.159859896 CEST4434980935.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.159924030 CEST49809443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.159950018 CEST49809443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.200350046 CEST4434981035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.200418949 CEST49810443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.203888893 CEST49810443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.203897953 CEST4434981035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.204188108 CEST4434981035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.213221073 CEST49810443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.258198977 CEST4434980835.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.258361101 CEST4434980835.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.258443117 CEST49808443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.258443117 CEST49808443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.260493040 CEST4434981035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.410962105 CEST4434981035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.527194023 CEST49810443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.527223110 CEST4434981035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.528103113 CEST49810443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.528194904 CEST4434981035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.528301954 CEST49810443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.529117107 CEST49816443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.529150963 CEST4434981635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.530224085 CEST49816443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.530844927 CEST49816443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.530860901 CEST4434981635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.760124922 CEST4434981335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.760215044 CEST49813443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.762209892 CEST49813443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.762223005 CEST4434981335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.762522936 CEST4434981335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:29.765389919 CEST49813443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:29.812505960 CEST4434981335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:30.111182928 CEST49816443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.112082958 CEST49813443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.112207890 CEST4434981335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:30.112365961 CEST49813443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.115379095 CEST49820443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.115396976 CEST4434982035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:30.115520000 CEST49820443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.115751028 CEST49820443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.115761995 CEST4434982035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:30.116384029 CEST49821443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.116425037 CEST4434982135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:30.116847992 CEST49821443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.117149115 CEST49821443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.117166996 CEST4434982135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:30.156506062 CEST4434981635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:30.272993088 CEST49821443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.274266958 CEST49823443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.274291039 CEST4434982335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:30.274348974 CEST49823443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.274768114 CEST49823443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.274780035 CEST4434982335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:30.320498943 CEST4434982135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:30.448371887 CEST4434981635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:30.448427916 CEST49816443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:30.448450089 CEST49816443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.047808886 CEST4434982135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.047878027 CEST49821443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.047899008 CEST49821443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.048115015 CEST4434982035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.048187971 CEST49820443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.052692890 CEST49820443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.052712917 CEST4434982035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.052998066 CEST4434982035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.054464102 CEST49820443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.096503019 CEST4434982035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.124958992 CEST4434982335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.125042915 CEST49823443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.130419016 CEST49823443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.130439043 CEST4434982335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.130747080 CEST4434982335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.132762909 CEST49823443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.176491976 CEST4434982335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.241348982 CEST4434982035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.241434097 CEST4434982035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.241483927 CEST49820443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.242074013 CEST49820443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.282741070 CEST49826443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.282793045 CEST4434982635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.283025026 CEST49826443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.283433914 CEST49826443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.283451080 CEST4434982635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.321650982 CEST4434982335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.321732998 CEST4434982335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.321892023 CEST49823443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.322244883 CEST49823443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.326725960 CEST49827443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.326750040 CEST4434982735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:31.327037096 CEST49827443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.327421904 CEST49827443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:31.327430964 CEST4434982735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:32.257869005 CEST4434982635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:32.259118080 CEST49826443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:32.259146929 CEST4434982635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:32.449091911 CEST4434982635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:32.449171066 CEST4434982635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:32.449238062 CEST49826443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:32.457185030 CEST49826443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:32.459691048 CEST49832443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:32.459726095 CEST4434983235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:32.459774971 CEST49832443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:32.460685968 CEST49832443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:32.460704088 CEST4434983235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:32.527232885 CEST4434982735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:32.587158918 CEST49827443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:32.587183952 CEST4434982735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:32.782193899 CEST4434982735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:32.782265902 CEST4434982735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:32.782332897 CEST49827443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:32.791774035 CEST49827443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:32.798964024 CEST49833443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:32.798994064 CEST4434983335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:32.799053907 CEST49833443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:32.807303905 CEST49833443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:32.807313919 CEST4434983335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:33.356467009 CEST4434983235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:33.358092070 CEST49832443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:33.358119965 CEST4434983235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:33.542479992 CEST4434983235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:33.542555094 CEST4434983235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:33.542680979 CEST49832443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:33.543179989 CEST49832443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:33.546971083 CEST49837443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:33.547000885 CEST4434983735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:33.547070026 CEST49837443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:33.547353029 CEST49837443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:33.547363997 CEST4434983735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:33.734885931 CEST49833443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:33.736820936 CEST49838443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:33.736881018 CEST4434983835.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:33.736933947 CEST49838443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:33.737196922 CEST49838443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:33.737210989 CEST4434983835.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:33.776492119 CEST4434983335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:33.840162992 CEST4434983335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:33.840248108 CEST49833443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.356580973 CEST49838443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.359190941 CEST49842443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.359246016 CEST4434984235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:34.359343052 CEST49842443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.360846043 CEST49842443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.360878944 CEST4434984235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:34.400511026 CEST4434983835.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:34.455584049 CEST4434983735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:34.455663919 CEST49837443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.457439899 CEST49837443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.457451105 CEST4434983735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:34.457694054 CEST4434983735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:34.458986044 CEST49837443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.504502058 CEST4434983735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:34.642853022 CEST4434983735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:34.642921925 CEST4434983735.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:34.643069983 CEST49837443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.644244909 CEST49837443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.644296885 CEST49843443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.644326925 CEST4434984335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:34.644504070 CEST49843443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.644891977 CEST49843443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.644906044 CEST4434984335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:34.664027929 CEST4434983835.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:34.664105892 CEST49838443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:34.664105892 CEST49838443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:35.282489061 CEST4434984235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:35.282557011 CEST49842443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:35.284904957 CEST49842443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:35.284914017 CEST4434984235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:35.285305023 CEST4434984235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:43.561487913 CEST49890443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.032306910 CEST4434989235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.032488108 CEST49892443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.034751892 CEST49892443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.034774065 CEST4434989235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.034986973 CEST4434989235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.036055088 CEST49892443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.076515913 CEST4434989235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.098792076 CEST4434989335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.099024057 CEST49893443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.102722883 CEST49893443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.102732897 CEST4434989335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.103060007 CEST4434989335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.106755018 CEST49893443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.148495913 CEST4434989335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.218673944 CEST4434989235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.218738079 CEST4434989235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.219453096 CEST49892443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.219599009 CEST49892443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.338161945 CEST4434989335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.338241100 CEST4434989335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.338433027 CEST49893443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.339024067 CEST49893443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.546598911 CEST49901443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.546643972 CEST4434990135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.546777010 CEST49901443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.549058914 CEST49902443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.549067020 CEST4434990235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.549098969 CEST49901443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.549113989 CEST4434990135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.549124956 CEST49902443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.550493002 CEST49902443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.550513983 CEST4434990235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.574709892 CEST49901443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.576647997 CEST49903443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.576694012 CEST4434990335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.576760054 CEST49903443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.577013969 CEST49903443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:44.577025890 CEST4434990335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:44.616503954 CEST4434990135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.478574038 CEST4434990135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.478653908 CEST49901443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:45.596256018 CEST4434990235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.596344948 CEST49902443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:45.607891083 CEST4434990335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.608001947 CEST49903443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:45.663110971 CEST49902443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:45.663136959 CEST4434990235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.664119959 CEST4434990235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.770589113 CEST49902443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:45.775398016 CEST49903443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:45.775427103 CEST4434990335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.775777102 CEST4434990335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.779753923 CEST49903443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:45.816494942 CEST4434990235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.820498943 CEST4434990335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.954209089 CEST4434990235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.954309940 CEST4434990235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.954457045 CEST49902443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:45.955507040 CEST49902443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:45.967123032 CEST4434990335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.967190027 CEST4434990335.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:45.967397928 CEST49903443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:45.967772007 CEST49903443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:47.248151064 CEST49915443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:47.248192072 CEST4434991535.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:47.248271942 CEST49915443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:47.249146938 CEST49915443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:47.249160051 CEST4434991535.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:47.251214981 CEST49916443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:47.251252890 CEST4434991635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:47.251338005 CEST49916443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:47.251713037 CEST49916443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:47.251723051 CEST4434991635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:48.197154045 CEST4434991635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:48.222286940 CEST4434991535.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:48.244318008 CEST49916443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:48.254262924 CEST49916443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:48.254270077 CEST4434991635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:48.256983042 CEST49915443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:48.257003069 CEST4434991535.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:48.441251040 CEST4434991635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:48.441334963 CEST4434991635.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:48.441395044 CEST49916443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:48.492208958 CEST4434991535.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:48.573906898 CEST49915443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:48.573928118 CEST4434991535.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:48.638571978 CEST4434991535.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:48.638638973 CEST49915443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:48.954140902 CEST49916443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:48.982956886 CEST49915443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:49.136861086 CEST49919443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:49.136913061 CEST4434991935.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:49.136961937 CEST49919443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:49.137727022 CEST49919443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:49.137739897 CEST4434991935.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:49.732141018 CEST49919443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:49.741058111 CEST49922443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:49.741097927 CEST4434992235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:49.741250992 CEST49922443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:49.742049932 CEST49922443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:49.742063046 CEST4434992235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:49.758074045 CEST49924443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:49.758104086 CEST4434992435.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:49.758172035 CEST49924443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:49.760431051 CEST49924443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:49.760448933 CEST4434992435.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:49.776504040 CEST4434991935.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.055085897 CEST4434991935.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.055152893 CEST49919443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.654624939 CEST4434992235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.654695034 CEST49922443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.657263994 CEST49922443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.657277107 CEST4434992235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.657612085 CEST4434992235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.659162998 CEST49922443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.702657938 CEST4434992435.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.702716112 CEST49924443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.704391003 CEST49924443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.704397917 CEST4434992435.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.704488993 CEST4434992235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.704649925 CEST4434992435.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.706043959 CEST49924443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.752492905 CEST4434992435.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.848737001 CEST4434992235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.848836899 CEST4434992235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.849014044 CEST49922443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.849549055 CEST49922443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.850415945 CEST49928443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.850435019 CEST4434992835.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.852938890 CEST49928443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.853291988 CEST49928443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.853298903 CEST4434992835.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.896287918 CEST4434992435.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.896384954 CEST4434992435.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.896543980 CEST49924443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.896966934 CEST49924443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.903254032 CEST49928443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.904627085 CEST49930443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.904674053 CEST4434993035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.904880047 CEST49930443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.905467987 CEST49930443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.905483007 CEST4434993035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.907754898 CEST49931443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.907772064 CEST4434993135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.908020973 CEST49931443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.908624887 CEST49931443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:50.908637047 CEST4434993135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:50.948489904 CEST4434992835.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:51.849384069 CEST4434992835.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:51.849459887 CEST49928443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:51.859930992 CEST4434993135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:51.860024929 CEST49931443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:51.870650053 CEST4434993035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:51.870793104 CEST49930443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:54.434640884 CEST49930443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:54.434655905 CEST4434993035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:54.435122967 CEST49931443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:54.435153961 CEST4434993135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:54.435451031 CEST4434993135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:54.435609102 CEST4434993035.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:54.435869932 CEST49930443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:54.435976028 CEST49930443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:54.435976028 CEST49932443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:54.436007023 CEST4434993235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:54.436204910 CEST49932443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:54.436394930 CEST49932443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:54.436410904 CEST4434993235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:54.437521935 CEST49931443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:54.480513096 CEST4434993135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:54.642625093 CEST4434993135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:54.642685890 CEST4434993135.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:54.642853022 CEST49931443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:54.643244028 CEST49931443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:55.404489994 CEST4434993235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:55.404561043 CEST49932443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:55.405900002 CEST49932443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:55.405909061 CEST4434993235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:55.406121969 CEST4434993235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:55.406847000 CEST49932443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:55.452522039 CEST4434993235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:55.642225027 CEST4434993235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:55.642292976 CEST4434993235.157.63.227192.168.2.4
                                                                                            Jul 3, 2024 18:22:55.642345905 CEST49932443192.168.2.435.157.63.227
                                                                                            Jul 3, 2024 18:22:55.642889023 CEST49932443192.168.2.435.157.63.227
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jul 3, 2024 18:20:49.966672897 CEST | 192.168.2.4 | 1.1.1.1 | 0xccb2 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:20:58.391335964 CEST | 192.168.2.4 | 1.1.1.1 | 0x6067 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:21:01.091185093 CEST | 192.168.2.4 | 1.1.1.1 | 0x58ca | Standard query (0) | ps.pndsn.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:21:01.160779953 CEST | 192.168.2.4 | 1.1.1.1 | 0x868f | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:21:04.508060932 CEST | 192.168.2.4 | 1.1.1.1 | 0x5c | Standard query (0) | ps.atera.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:22:00.715751886 CEST | 192.168.2.4 | 1.1.1.1 | 0x7106 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:22:11.773366928 CEST | 192.168.2.4 | 1.1.1.1 | 0xf9bd | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:22:22.436206102 CEST | 192.168.2.4 | 1.1.1.1 | 0x106b | Standard query (0) | ps.pndsn.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:22:22.935261965 CEST | 192.168.2.4 | 1.1.1.1 | 0xb32c | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:22:31.318727970 CEST | 192.168.2.4 | 1.1.1.1 | 0x7a27 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:22:40.152726889 CEST | 192.168.2.4 | 1.1.1.1 | 0x4856 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:22:50.793766022 CEST | 192.168.2.4 | 1.1.1.1 | 0x8ecc | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jul 3, 2024 18:20:49.975600958 CEST | 1.1.1.1 | 192.168.2.4 | 0xccb2 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 18:20:56.278439999 CEST | 1.1.1.1 | 192.168.2.4 | 0xdb81 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 18:20:56.278439999 CEST | 1.1.1.1 | 192.168.2.4 | 0xdb81 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:20:57.510230064 CEST | 1.1.1.1 | 192.168.2.4 | 0xfd91 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 18:20:57.510230064 CEST | 1.1.1.1 | 192.168.2.4 | 0xfd91 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:20:57.523814917 CEST | 1.1.1.1 | 192.168.2.4 | 0xda09 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 18:20:57.523814917 CEST | 1.1.1.1 | 192.168.2.4 | 0xda09 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:20:58.400152922 CEST | 1.1.1.1 | 192.168.2.4 | 0x6067 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 18:21:01.100020885 CEST | 1.1.1.1 | 192.168.2.4 | 0x58ca | No error (0) | ps.pndsn.com |  | 35.157.63.229 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:21:01.100020885 CEST | 1.1.1.1 | 192.168.2.4 | 0x58ca | No error (0) | ps.pndsn.com |  | 35.157.63.227 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:21:01.170380116 CEST | 1.1.1.1 | 192.168.2.4 | 0x868f | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 18:21:04.516752005 CEST | 1.1.1.1 | 192.168.2.4 | 0x5c | No error (0) | ps.atera.com | d25btwd9wax8gu.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 18:21:04.516752005 CEST | 1.1.1.1 | 192.168.2.4 | 0x5c | No error (0) | d25btwd9wax8gu.cloudfront.net |  | 3.165.136.99 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:21:04.516752005 CEST | 1.1.1.1 | 192.168.2.4 | 0x5c | No error (0) | d25btwd9wax8gu.cloudfront.net |  | 3.165.136.91 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:21:04.516752005 CEST | 1.1.1.1 | 192.168.2.4 | 0x5c | No error (0) | d25btwd9wax8gu.cloudfront.net |  | 3.165.136.42 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:21:04.516752005 CEST | 1.1.1.1 | 192.168.2.4 | 0x5c | No error (0) | d25btwd9wax8gu.cloudfront.net |  | 3.165.136.45 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:21:06.977324963 CEST | 1.1.1.1 | 192.168.2.4 | 0xe056 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 18:21:06.977324963 CEST | 1.1.1.1 | 192.168.2.4 | 0xe056 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:21:57.571146011 CEST | 1.1.1.1 | 192.168.2.4 | 0xa85a | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:21:57.571146011 CEST | 1.1.1.1 | 192.168.2.4 | 0xa85a | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:22:00.743941069 CEST | 1.1.1.1 | 192.168.2.4 | 0x7106 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 18:22:11.815804005 CEST | 1.1.1.1 | 192.168.2.4 | 0xf9bd | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 18:22:22.444119930 CEST | 1.1.1.1 | 192.168.2.4 | 0x106b | No error (0) | ps.pndsn.com |  | 35.157.63.227 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:22:22.444119930 CEST | 1.1.1.1 | 192.168.2.4 | 0x106b | No error (0) | ps.pndsn.com |  | 35.157.63.228 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 18:22:22.943461895 CEST | 1.1.1.1 | 192.168.2.4 | 0xb32c | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 18:22:31.329102039 CEST | 1.1.1.1 | 192.168.2.4 | 0x7a27 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 18:22:40.160761118 CEST | 1.1.1.1 | 192.168.2.4 | 0x4856 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 18:22:50.802911997 CEST | 1.1.1.1 | 192.168.2.4 | 0x8ecc | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                                            • ps.pndsn.com
                                                                                            • ps.atera.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49743 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:21:02 UTC | 183 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4268a400-66a4-4a60-8ada-3d40a293c400&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Host: ps.pndsn.com
Connection: Keep-Alive
2024-07-03 16:21:02 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:21:02 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-07-03 16:21:02 UTC | 19 | IN | Data Raw: 5b 31 37 32 30 30 32 33 36 36 32 32 33 39 32 34 32 39 5d
Data Ascii: [17200236622392429]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49746 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:21:02 UTC | 364 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0eb26796-307c-4e44-aa88-dac711ca4da1&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
Connection: Keep-Alive
2024-07-03 16:21:02 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:21:02 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-07-03 16:21:02 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 30 30 32 33 36 36 32 31 38 38 34 30 37 31 22 2c 22 72 22 3a 34 33 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17200236621884071","r":43},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49750 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:21:03 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ceac7b8a-d06f-46f6-b40d-723d7f8ecc6e&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Host: ps.pndsn.com
2024-07-03 16:21:03 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:21:03 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-07-03 16:21:03 UTC | 19 | IN | Data Raw: 5b 31 37 32 30 30 32 33 36 36 33 38 32 30 34 38 31 38 5d
Data Ascii: [17200236638204818]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49751 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:21:03 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3223849c-8c48-4b98-a40e-e3dd7f3726a2&tr=43&tt=17200236621884071&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:21:04 UTC | 237 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:21:04 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1852
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-07-03 16:21:04 UTC | 1852 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 30 30 32 33 36 36 34 32 32 39 32 30 36 34 22 2c 22 72 22 3a 34 33 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 63 64 63 62 36 37 63 37 2d 33 30 39 61 2d 34 66 38 65 2d 39 33 62 35 2d 62 35 32 64 35 61 37 63 38 33 66 35 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 32 30 30 32 33 36 36 34 32 32 39 32 30 36 34 22 2c 22 72 22 3a 34 32 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 37 64 37 63 61 35 31 37 2d 66 38 32 35 2d 34 33 37 32 2d 38 33 32 37 2d 63 32 33 32 66 36 31 38 38 30 63 34 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 33 32 30 35 35 37 32
Data Ascii: {"t":{"t":"17200236642292064","r":43},"m":[{"a":"2","f":0,"i":"cdcb67c7-309a-4f8e-93b5-b52d5a7c83f5","p":{"t":"17200236642292064","r":42},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"7d7ca517-f825-4372-8327-c232f61880c4","d":{"CommandId":"3205572


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49756 | 3.165.136.99 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:21:05 UTC | 212 | OUT | GET /agentpackagesnet45/AgentPackageAgentInformation/36.7/AgentPackageAgentInformation.zip?yxq+fCr1/sCV4kS8o/HVmHx/dgGVV270VK3QOQFoBjo5F8FfGf1KSAqUEXmoaJqt HTTP/1.1
Host: ps.atera.com
Connection: Keep-Alive
2024-07-03 16:21:05 UTC | 671 | IN | HTTP/1.1 200 OK
                                                                                            Content-Type: application/octet-stream
                                                                                            Content-Length: 380877
                                                                                            Connection: close
                                                                                            Content-MD5: iEStRWdGLVnOuPsl6fqv4Q==
                                                                                            Last-Modified: Sun, 14 Apr 2024 09:54:05 GMT
                                                                                            Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                            x-ms-request-id: 39d03d24-d01e-0051-530c-c2e046000000
                                                                                            x-ms-version: 2009-09-19
                                                                                            x-ms-lease-status: unlocked
                                                                                            x-ms-blob-type: BlockBlob
                                                                                            Date: Wed, 03 Jul 2024 05:52:09 GMT
                                                                                            ETag: 0x8DC5C68D26AB26F
                                                                                            Vary: Accept-Encoding
                                                                                            X-Cache: Hit from cloudfront
                                                                                            Via: 1.1 fa05633741160f5d7fda4a3fc2b1f1b0.cloudfront.net (CloudFront)
                                                                                            X-Amz-Cf-Pop: CDG52-P3
                                                                                            X-Amz-Cf-Id: kcGBazLOMlLXAgPlUvLwrG4R2fj9aKvUPKlrvY-Imw6C19JSA1wubg==
                                                                                            Age: 37764
                                                                                            Data Ascii: h#EQFeki2kyFo*yX<Aq2<%{)S~lnz8Avz#u Ib@>T4nUV-4)*/j4=_a= <rk5UNZ(GS<L<u%e7@0o "M!(HnbRm2t
                                                                                            2024-07-03 16:21:05 UTC16384INData Raw: a3 a5 60 39 fb 07 ce be 40 2a 46 b4 29 da cc 50 06 83 89 e4 ff 9a 5b ef 3f 40 54 6d de e6 db 50 9a d1 94 5b d2 6e 75 f4 7b 21 d5 e1 1d 63 ea 30 1b d9 35 2f a2 fe 9e c1 4d c1 b8 e5 61 2a d8 d5 a1 12 df eb b3 d3 b1 94 8a 51 f2 e5 0f fb d2 47 3e 03 b1 04 94 18 fc f8 78 af 71 f2 8c 94 38 13 9c 67 e9 12 c4 d9 6d a5 bb 7b 2f 49 6d a5 78 83 31 72 16 a6 04 c0 79 6c 47 2d 9c b4 bf 09 9b fe 23 58 40 69 de 1a 53 09 f0 36 66 4d c3 5d da 2c d7 00 84 88 58 65 9b e5 12 36 58 18 ac 1f 79 da 31 3e d4 2c 67 83 b9 e8 2a d1 b9 e4 6d 69 2c 4a ec 46 0f 8f 2c d1 38 0d f7 09 8d 31 ad 1d 35 00 9a a7 ff 26 79 af a4 ca c4 4f ba 47 66 58 d4 ba 5d 87 74 64 31 d4 41 c2 ac dd ec 39 21 aa 06 a3 19 92 8f 9f e9 14 15 26 21 01 88 6f c2 78 83 86 18 ea 44 44 41 69 f8 cd 33 14 9a cd fd 2c e9
                                                                                            Data Ascii: `9@*F)P[?@TmP[nu{!c05/Ma*QG>xq8gm{/Imx1rylG-#X@iS6fM],Xe6Xy1>,g*mi,JF,815&yOGfX]td1A9!&!oxDDAi3,
                                                                                            2024-07-03 16:21:05 UTC16384INData Raw: b8 2c ab d5 4b 73 99 55 bc ea 11 2f ff d3 d6 2c 24 73 c3 80 c1 c6 d2 6b 36 4b 26 7b 1b 48 c5 2e 4b 21 c0 eb 1d b9 58 0d fc 51 a8 1f 12 f4 3e 6d b8 7e 12 5b 48 c9 59 a5 5a 2f 90 31 bf db ff bb c5 fc 39 f1 16 e0 0d 0a e1 ad f9 35 19 da 50 d8 79 51 ab 18 be 9a 2e 61 a0 5d 8b ea 67 ad 97 2e 29 40 08 50 48 3e 78 ab 2e 33 a3 34 df 61 ed bf 0a 4c 9d 60 30 0a 1a 34 46 4c fe 47 c4 dc 25 af da af 36 81 a7 b4 6e 94 df 4a 49 15 0d 2f 58 06 a1 d8 a9 fc de 8d 46 a3 21 4d 3d 9e ed d9 7e 87 b3 4a 83 e7 35 ba 78 3a 63 2c 57 fb e6 b8 59 88 e8 85 92 90 7f 06 c2 e7 01 b5 ab 1a 37 b1 9c 87 bd 0f 2f b1 b4 3d 3b d5 5e 00 e4 bc 73 69 85 d8 92 ce 3c d4 2e b2 23 fc 38 2a 3e 72 df 5d dd 18 18 98 7a 9d a0 21 fe 7a 0b ef 04 7b 38 e5 e2 da 7b fb 6c 6c 3f 06 ea 13 cf a7 07 a7 e4 5e f0
                                                                                            Data Ascii: ,KsU/,$sk6K&{H.K!XQ>m~[HYZ/195PyQ.a]g.)@PH>x.34aL`04FLG%6nJI/XF!M=~J5x:c,WY7/=;^si<.#8*>r]z!z{8{ll?^


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49755 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:21:05 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8a73a0d7-bb19-4916-959c-ca27c4baf748&tr=43&tt=17200236642292064&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Cache-Control: no-cache
                                                                                            Pragma: no-cache
                                                                                            Content-Type: application/json
                                                                                            Host: ps.pndsn.com
2024-07-03 16:21:08 UTC | 237 | IN | HTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:21:08 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Content-Length: 1887
                                                                                            Connection: close
                                                                                            Cache-Control: no-cache
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Allow-Methods: GET
2024-07-03 16:21:08 UTC | 1887 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 30 30 32 33 36 36 38 32 37 37 35 39 31 35 22 2c 22 72 22 3a 34 33 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 65 39 37 66 35 34 66 32 2d 37 35 32 35 2d 34 63 36 66 2d 61 61 61 61 2d 62 32 65 34 37 65 31 66 30 32 62 39 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 32 30 30 32 33 36 36 38 32 37 37 35 39 31 35 22 2c 22 72 22 3a 34 33 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 37 64 37 63 61 35 31 37 2d 66 38 32 35 2d 34 33 37 32 2d 38 33 32 37 2d 63 32 33 32 66 36 31 38 38 30 63 34 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 65 38 34 61 36 33 63
                                                                                            Data Ascii: {"t":{"t":"17200236682775915","r":43},"m":[{"a":"2","f":0,"i":"e97f54f2-7525-4c6f-aaaa-b2e47e1f02b9","p":{"t":"17200236682775915","r":43},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"7d7ca517-f825-4372-8327-c232f61880c4","d":{"CommandId":"e84a63c


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49754 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:21:05 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=22cf76d8-ac1d-4e8c-a645-ddf02c4a5363&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Host: ps.pndsn.com
2024-07-03 16:21:05 UTC | 168 | IN | HTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:21:05 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Connection: close
                                                                                            Content-Length: 19
                                                                                            Cache-Control: no-cache
2024-07-03 16:21:05 UTC | 19 | IN | Data Raw: 5b 31 37 32 30 30 32 33 36 36 35 38 31 32 37 39 35 33 5d
                                                                                            Data Ascii: [17200236658127953]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49763 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:21:09 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=357c8023-d06f-43c6-af75-ff9276fa6312&tr=43&tt=17200236682775915&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Cache-Control: no-cache
                                                                                            Pragma: no-cache
                                                                                            Content-Type: application/json
                                                                                            Host: ps.pndsn.com
2024-07-03 16:22:02 UTC | 237 | IN | HTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:02 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Content-Length: 1872
                                                                                            Connection: close
                                                                                            Cache-Control: no-cache
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Allow-Methods: GET
2024-07-03 16:22:02 UTC | 1872 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 30 30 32 33 37 32 32 31 34 38 31 30 31 34 22 2c 22 72 22 3a 34 33 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 65 39 37 66 35 34 66 32 2d 37 35 32 35 2d 34 63 36 66 2d 61 61 61 61 2d 62 32 65 34 37 65 31 66 30 32 62 39 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 32 30 30 32 33 37 32 32 31 34 38 31 30 31 34 22 2c 22 72 22 3a 34 33 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 37 64 37 63 61 35 31 37 2d 66 38 32 35 2d 34 33 37 32 2d 38 33 32 37 2d 63 32 33 32 66 36 31 38 38 30 63 34 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 36 34 65 33 30 63 64
                                                                                            Data Ascii: {"t":{"t":"17200237221481014","r":43},"m":[{"a":"2","f":0,"i":"e97f54f2-7525-4c6f-aaaa-b2e47e1f02b9","p":{"t":"17200237221481014","r":43},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"7d7ca517-f825-4372-8327-c232f61880c4","d":{"CommandId":"64e30cd


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49762 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:21:09 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6108e17e-e70c-47ee-93a9-dff9a3c5dc87&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Host: ps.pndsn.com
2024-07-03 16:21:09 UTC | 168 | IN | HTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:21:09 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Connection: close
                                                                                            Content-Length: 19
                                                                                            Cache-Control: no-cache
2024-07-03 16:21:09 UTC | 19 | IN | Data Raw: 5b 31 37 32 30 30 32 33 36 36 39 34 31 39 36 36 37 36 5d
                                                                                            Data Ascii: [17200236694196676]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49767 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:21:54 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=272b312b-8cbb-4ed4-bd82-1f2dd3cf8d11&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Host: ps.pndsn.com
2024-07-03 16:21:54 UTC | 168 | IN | HTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:21:54 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Connection: close
                                                                                            Content-Length: 19
                                                                                            Cache-Control: no-cache
2024-07-03 16:21:54 UTC | 19 | IN | Data Raw: 5b 31 37 32 30 30 32 33 37 31 34 33 38 34 39 33 35 36 5d
                                                                                            Data Ascii: [17200237143849356]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49768 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:21:55 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=02fdafa7-0cbf-4d21-9e7c-2644b1b8a69d&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Cache-Control: no-cache
                                                                                            Pragma: no-cache
                                                                                            Content-Type: application/json
                                                                                            Host: ps.pndsn.com
2024-07-03 16:21:55 UTC | 305 | IN | HTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:21:55 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Content-Length: 55
                                                                                            Connection: close
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                            Age: 0
                                                                                            Server: Pubnub Presence
                                                                                            Cache-Control: no-cache
                                                                                            Accept-Ranges: bytes
2024-07-03 16:21:55 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                            Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49773 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:03 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01817154-5258-48a3-85c0-e83f589a219b&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Host: ps.pndsn.com
2024-07-03 16:22:03 UTC | 168 | IN | HTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:03 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Connection: close
                                                                                            Content-Length: 19
                                                                                            Cache-Control: no-cache
2024-07-03 16:22:03 UTC | 19 | IN | Data Raw: 5b 31 37 32 30 30 32 33 37 32 33 34 31 36 39 34 32 30 5d
                                                                                            Data Ascii: [17200237234169420]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49774 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:03 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=644afada-5df7-4de5-b444-b1d3402ba380&tr=43&tt=17200237221481014&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Cache-Control: no-cache
                                                                                            Pragma: no-cache
                                                                                            Content-Type: application/json
                                                                                            Host: ps.pndsn.com
2024-07-03 16:22:08 UTC | 237 | IN | HTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:08 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Content-Length: 1862
                                                                                            Connection: close
                                                                                            Cache-Control: no-cache
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Allow-Methods: GET
2024-07-03 16:22:08 UTC | 1862 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 30 30 32 33 37 32 38 37 37 36 34 38 39 36 22 2c 22 72 22 3a 34 33 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 61 38 66 33 66 37 32 66 2d 31 38 61 30 2d 34 30 39 31 2d 38 65 39 37 2d 66 37 37 64 37 35 65 63 65 39 34 38 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 32 30 30 32 33 37 32 38 37 37 36 34 38 39 36 22 2c 22 72 22 3a 34 31 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 37 64 37 63 61 35 31 37 2d 66 38 32 35 2d 34 33 37 32 2d 38 33 32 37 2d 63 32 33 32 66 36 31 38 38 30 63 34 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 30 61 31 34 33 61 32
                                                                                            Data Ascii: {"t":{"t":"17200237287764896","r":43},"m":[{"a":"2","f":0,"i":"a8f3f72f-18a0-4091-8e97-f77d75ece948","p":{"t":"17200237287764896","r":41},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"7d7ca517-f825-4372-8327-c232f61880c4","d":{"CommandId":"0a143a2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49778 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:10 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6e72782c-04f9-4b3f-b04c-e2bcfd8dec88&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Host: ps.pndsn.com
2024-07-03 16:22:10 UTC | 168 | IN | HTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:10 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Connection: close
                                                                                            Content-Length: 19
                                                                                            Cache-Control: no-cache
2024-07-03 16:22:10 UTC | 19 | IN | Data Raw: 5b 31 37 32 30 30 32 33 37 33 30 34 37 39 33 37 30 30 5d
                                                                                            Data Ascii: [17200237304793700]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49781 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:11 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=40aa23c2-5df2-4df3-a659-4fa85cdec74a&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Cache-Control: no-cache
                                                                                            Pragma: no-cache
                                                                                            Content-Type: application/json
                                                                                            Host: ps.pndsn.com
2024-07-03 16:22:11 UTC | 305 | IN | HTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:11 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Content-Length: 74
                                                                                            Connection: close
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                            Age: 0
                                                                                            Server: Pubnub Presence
                                                                                            Cache-Control: no-cache
                                                                                            Accept-Ranges: bytes
2024-07-03 16:22:11 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                            Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49783 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:11 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8c864d9a-ab98-41ba-aa3b-cc8bfbb46040&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Cache-Control: no-cache
                                                                                            Pragma: no-cache
                                                                                            Content-Type: application/json
                                                                                            Host: ps.pndsn.com
                                                                                            2024-07-03 16:22:11 UTC235INHTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:11 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Content-Length: 45
                                                                                            Connection: close
                                                                                            Cache-Control: no-cache
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Allow-Methods: GET
                                                                                            2024-07-03 16:22:11 UTC45INData Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 30 30 32 33 37 32 38 37 37 36 34 38 39 36 22 2c 22 72 22 3a 34 33 7d 2c 22 6d 22 3a 5b 5d 7d
                                                                                            Data Ascii: {"t":{"t":"17200237287764896","r":43},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49785 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:12 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=fc3fa390-dd57-497e-a9ea-94acf3fd13aa&tr=43&tt=17200237287764896&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:22:22 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:22 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-07-03 16:22:22 UTC | 45 | IN | Data Ascii: {"t":{"t":"17200237287764896","r":43},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49784 | 35.157.63.229 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:12 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=28c02dc8-fc10-46f4-9892-4dca60ee91e7&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Host: ps.pndsn.com
2024-07-03 16:22:13 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:12 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-07-03 16:22:13 UTC | 19 | IN | Data Ascii: [17200237329349892]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49789 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:23 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=31d30483-1276-494b-8626-3e162b57285f&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Host: ps.pndsn.com
2024-07-03 16:22:23 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:23 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-07-03 16:22:23 UTC | 19 | IN | Data Ascii: [17200237434552122]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49792 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:23 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=dbb4b35f-5f78-4ab4-bdd1-d6b922caff40&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:22:24 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:24 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-07-03 16:22:24 UTC | 55 | IN | Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49794 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:24 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=23953f87-3c94-4d9a-b977-4822589fc3f4&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:22:24 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:24 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-07-03 16:22:24 UTC | 45 | IN | Data Ascii: {"t":{"t":"17200237441191360","r":41},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49797 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:25 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9d6606e1-8f57-49c5-9ab0-2ca887e76ed8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:22:25 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:25 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-07-03 16:22:25 UTC | 74 | IN | Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49798 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:26 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e3c1bb87-134a-4b79-9350-4fcf40025dd1&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Host: ps.pndsn.com
2024-07-03 16:22:26 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:26 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-07-03 16:22:26 UTC | 19 | IN | Data Ascii: [17200237462218263]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49799 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:26 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5284cc2c-6255-40ac-a5e3-fbd09bfcbf48&tr=41&tt=17200237441191360&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:22:26 UTC | 237 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:26 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 3670
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-07-03 16:22:26 UTC | 3670 | IN | Data Ascii: {"t":{"t":"17200237463882870","r":41},"m":[{"a":"2","f":0,"i":"bdf4af44-30a3-4fdd-aa9b-fd819d9485f0","p":{"t":"17200237456692956","r":43},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"7d7ca517-f825-4372-8327-c232f61880c4","d":{"CommandId":"16f383b


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49804 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:27 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c089a5f6-aacc-464d-ba59-69fd86253ba9&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:22:27 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:27 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 2
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-07-03 16:22:27 UTC | 74 | IN | Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49805 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:27 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=be598775-daec-44be-852d-698fb405c4ff&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Host: ps.pndsn.com
2024-07-03 16:22:27 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:27 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-07-03 16:22:27 UTC | 19 | IN | Data Ascii: [17200237478785090]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49810 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:29 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e6094e12-9fa8-4d26-aa06-4e8fb7a4009c&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Host: ps.pndsn.com
2024-07-03 16:22:29 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:29 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-07-03 16:22:29 UTC | 19 | IN | Data Ascii: [17200237493106331]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49813 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:29 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3da9111c-aaa7-4e08-ba06-01a1cd672c2b&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49820 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:31 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ad2ddba0-edbb-429e-9340-5807bd34a581&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Host: ps.pndsn.com
2024-07-03 16:22:31 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:31 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-07-03 16:22:31 UTC | 19 | IN | Data Ascii: [17200237511503187]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49823 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:31 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=1408e3ed-857e-4623-a748-09006bf71303&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:22:31 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:31 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 1
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-07-03 16:22:31 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49826 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:32 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ca60d9f-75c2-4d80-a8a7-b05f671b9e42&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Host: ps.pndsn.com
2024-07-03 16:22:32 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:32 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-07-03 16:22:32 UTC | 19 | IN | Data Raw: 5b 31 37 32 30 30 32 33 37 35 32 33 35 32 35 37 33 34 5d
Data Ascii: [17200237523525734]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49827 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:32 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=04b28964-6ef0-4a42-97e9-de0d1f8969f6&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:22:32 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:32 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-07-03 16:22:32 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49832 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:33 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/7d7ca517-f825-4372-8327-c232f61880c4/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=59ddd6fa-ec59-4c28-92e6-b21af451dd77&tt=0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:22:33 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:33 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-07-03 16:22:33 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 30 30 32 33 37 35 32 38 32 33 35 39 38 30 22 2c 22 72 22 3a 34 31 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17200237528235980","r":41},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49837 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:34 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=24efe0cb-37e4-4030-8040-96cc03619cbf&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Host: ps.pndsn.com
2024-07-03 16:22:34 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:34 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-07-03 16:22:34 UTC | 19 | IN | Data Raw: 5b 31 37 32 30 30 32 33 37 35 34 35 35 32 31 36 34 34 5d
Data Ascii: [17200237545521644]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49842 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:35 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=712442ef-230d-4277-b641-1839d4d8d808&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49849 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:36 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9adb2664-b18c-43f3-856f-5709e73f6369&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:22:36 UTC | 306 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:36 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 12
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-07-03 16:22:36 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49848 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:36 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f70c64fb-bd8c-4b68-8d78-3a86a80f0fd6&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Host: ps.pndsn.com
2024-07-03 16:22:36 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:36 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-07-03 16:22:36 UTC | 19 | IN | Data Raw: 5b 31 37 32 30 30 32 33 37 35 36 35 39 33 39 36 38 37 5d
Data Ascii: [17200237565939687]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49853 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:37 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=139b731a-b591-4698-bfee-48cc028559cd&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:22:37 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:37 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-07-03 16:22:37 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49857 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:38 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=800f1992-a163-4e95-be3a-8d7dd58c0f05&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:22:38 UTC | 306 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:38 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 14
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-07-03 16:22:38 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49863 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:38 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=01dd44b0-5151-4864-a34b-b47d9fe01029&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Host: ps.pndsn.com
2024-07-03 16:22:39 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:38 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-07-03 16:22:39 UTC | 19 | IN | Data Raw: 5b 31 37 32 30 30 32 33 37 35 38 39 32 38 39 35 30 33 5d
Data Ascii: [17200237589289503]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49869 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:39 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=eacad4ff-a252-4743-af8e-8338583503dc&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-07-03 16:22:40 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:40 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 2
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-07-03 16:22:40 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49871 | 35.157.63.227 | 443 | 7728 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-03 16:22:40 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=49462288-5478-4372-9693-b47681abf7af&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
Host: ps.pndsn.com
2024-07-03 16:22:40 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 03 Jul 2024 16:22:40 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-07-03 16:22:40 UTC | 19 | IN | Data Raw: 5b 31 37 32 30 30 32 33 37 36 30 35 34 31 32 31 35 32 5d
Data Ascii: [17200237605412152]


                                                                                            Session ID: 42 | Source IP: 192.168.2.4 | Source Port: 49885 | Destination IP: 35.157.63.227 | Destination Port: 443 | PID: 7728 | Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-07-03 16:22:42 UTC358OUTGET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8ba7937-4d26-44cf-99ef-80b433702404&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Cache-Control: no-cache
                                                                                            Pragma: no-cache
                                                                                            Content-Type: application/json
                                                                                            Host: ps.pndsn.com
                                                                                            2024-07-03 16:22:42 UTC306INHTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:42 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Content-Length: 55
                                                                                            Connection: close
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                            Age: 12
                                                                                            Server: Pubnub Presence
                                                                                            Cache-Control: no-cache
                                                                                            Accept-Ranges: bytes
                                                                                            2024-07-03 16:22:42 UTC55INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                            Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


                                                                                            Session ID: 43 | Source IP: 192.168.2.4 | Source Port: 49884 | Destination IP: 35.157.63.227 | Destination Port: 443 | PID: 7728 | Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-07-03 16:22:42 UTC159OUTGET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e8b5af52-42a9-47e1-bdc7-0d69fb53c145&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Host: ps.pndsn.com
                                                                                            2024-07-03 16:22:42 UTC168INHTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:42 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Connection: close
                                                                                            Content-Length: 19
                                                                                            Cache-Control: no-cache
                                                                                            2024-07-03 16:22:42 UTC19INData Raw: 5b 31 37 32 30 30 32 33 37 36 32 32 35 32 35 38 31 35 5d
                                                                                            Data Ascii: [17200237622525815]


                                                                                            Session ID: 44 | Source IP: 192.168.2.4 | Source Port: 49892 | Destination IP: 35.157.63.227 | Destination Port: 443 | PID: 7728 | Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-07-03 16:22:44 UTC159OUTGET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8a35289a-c57c-4499-bfaf-3530f6d376e0&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Host: ps.pndsn.com
                                                                                            2024-07-03 16:22:44 UTC168INHTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:44 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Connection: close
                                                                                            Content-Length: 19
                                                                                            Cache-Control: no-cache
                                                                                            2024-07-03 16:22:44 UTC19INData Raw: 5b 31 37 32 30 30 32 33 37 36 34 31 32 37 36 33 36 36 5d
                                                                                            Data Ascii: [17200237641276366]


                                                                                            Session ID: 45 | Source IP: 192.168.2.4 | Source Port: 49893 | Destination IP: 35.157.63.227 | Destination Port: 443 | PID: 7728 | Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-07-03 16:22:44 UTC358OUTGET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c2080080-bc76-4491-ab59-0a0eabfe07a8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Cache-Control: no-cache
                                                                                            Pragma: no-cache
                                                                                            Content-Type: application/json
                                                                                            Host: ps.pndsn.com
                                                                                            2024-07-03 16:22:44 UTC305INHTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:44 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Content-Length: 55
                                                                                            Connection: close
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                            Age: 0
                                                                                            Server: Pubnub Presence
                                                                                            Cache-Control: no-cache
                                                                                            Accept-Ranges: bytes
                                                                                            2024-07-03 16:22:44 UTC55INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                            Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


                                                                                            Session ID: 46 | Source IP: 192.168.2.4 | Source Port: 49902 | Destination IP: 35.157.63.227 | Destination Port: 443 | PID: 7728 | Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-07-03 16:22:45 UTC159OUTGET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f6a6f9e-92dd-416b-bb7d-5bf345e8ea10&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Host: ps.pndsn.com
                                                                                            2024-07-03 16:22:45 UTC168INHTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:45 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Connection: close
                                                                                            Content-Length: 19
                                                                                            Cache-Control: no-cache
                                                                                            2024-07-03 16:22:45 UTC19INData Raw: 5b 31 37 32 30 30 32 33 37 36 35 38 36 33 32 30 34 39 5d
                                                                                            Data Ascii: [17200237658632049]


                                                                                            Session ID: 47 | Source IP: 192.168.2.4 | Source Port: 49903 | Destination IP: 35.157.63.227 | Destination Port: 443 | PID: 7728 | Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-07-03 16:22:45 UTC358OUTGET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b4930227-1a65-4e53-bbd5-48fb14f079bb&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Cache-Control: no-cache
                                                                                            Pragma: no-cache
                                                                                            Content-Type: application/json
                                                                                            Host: ps.pndsn.com
                                                                                            2024-07-03 16:22:45 UTC306INHTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:45 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Content-Length: 55
                                                                                            Connection: close
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                            Age: 21
                                                                                            Server: Pubnub Presence
                                                                                            Cache-Control: no-cache
                                                                                            Accept-Ranges: bytes
                                                                                            2024-07-03 16:22:45 UTC55INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                            Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


                                                                                            Session ID: 48 | Source IP: 192.168.2.4 | Source Port: 49916 | Destination IP: 35.157.63.227 | Destination Port: 443 | PID: 7728 | Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-07-03 16:22:48 UTC159OUTGET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=580032ce-f9f4-4e21-acd4-6e1ccc580200&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Host: ps.pndsn.com
                                                                                            2024-07-03 16:22:48 UTC168INHTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:48 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Connection: close
                                                                                            Content-Length: 19
                                                                                            Cache-Control: no-cache
                                                                                            2024-07-03 16:22:48 UTC19INData Raw: 5b 31 37 32 30 30 32 33 37 36 38 33 34 39 39 39 33 35 5d
                                                                                            Data Ascii: [17200237683499935]


                                                                                            Session ID: 49 | Source IP: 192.168.2.4 | Source Port: 49915 | Destination IP: 35.157.63.227 | Destination Port: 443 | PID: 7728 | Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-07-03 16:22:48 UTC354OUTGET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d20451e7-16e9-46dc-ae34-697bd2a310ef&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Cache-Control: no-cache
                                                                                            Pragma: no-cache
                                                                                            Content-Type: application/json
                                                                                            Host: ps.pndsn.com
                                                                                            2024-07-03 16:22:48 UTC305INHTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:48 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Content-Length: 74
                                                                                            Connection: close
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                            Age: 0
                                                                                            Server: Pubnub Presence
                                                                                            Cache-Control: no-cache
                                                                                            Accept-Ranges: bytes
                                                                                            2024-07-03 16:22:48 UTC74INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                            Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


                                                                                            Session ID: 50 | Source IP: 192.168.2.4 | Source Port: 49922 | Destination IP: 35.157.63.227 | Destination Port: 443 | PID: 7728 | Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-07-03 16:22:50 UTC354OUTGET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7232c231-fbd8-40c5-9fd4-a6b3ac2c95bc&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Cache-Control: no-cache
                                                                                            Pragma: no-cache
                                                                                            Content-Type: application/json
                                                                                            Host: ps.pndsn.com
                                                                                            2024-07-03 16:22:50 UTC305INHTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:50 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Content-Length: 74
                                                                                            Connection: close
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                            Age: 0
                                                                                            Server: Pubnub Presence
                                                                                            Cache-Control: no-cache
                                                                                            Accept-Ranges: bytes
                                                                                            2024-07-03 16:22:50 UTC74INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                            Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


                                                                                            Session ID: 51 | Source IP: 192.168.2.4 | Source Port: 49924 | Destination IP: 35.157.63.227 | Destination Port: 443 | PID: 7728 | Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-07-03 16:22:50 UTC159OUTGET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6d71671f-ff3a-4b21-bbc6-dec364cbbb66&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Host: ps.pndsn.com
                                                                                            2024-07-03 16:22:50 UTC168INHTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:50 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Connection: close
                                                                                            Content-Length: 19
                                                                                            Cache-Control: no-cache
                                                                                            2024-07-03 16:22:50 UTC19INData Raw: 5b 31 37 32 30 30 32 33 37 37 30 37 39 39 36 30 31 37 5d
                                                                                            Data Ascii: [17200237707996017]


                                                                                            Session ID: 52 | Source IP: 192.168.2.4 | Source Port: 49931 | Destination IP: 35.157.63.227 | Destination Port: 443 | PID: 7728 | Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-07-03 16:22:54 UTC159OUTGET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ccd8b767-ce84-425a-a6fc-e1d295ece179&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Host: ps.pndsn.com
                                                                                            2024-07-03 16:22:54 UTC168INHTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:54 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Connection: close
                                                                                            Content-Length: 19
                                                                                            Cache-Control: no-cache
                                                                                            2024-07-03 16:22:54 UTC19INData Raw: 5b 31 37 32 30 30 32 33 37 37 34 35 32 38 31 30 32 31 5d
                                                                                            Data Ascii: [17200237745281021]


                                                                                            Session ID: 53 | Source IP: 192.168.2.4 | Source Port: 49932 | Destination IP: 35.157.63.227 | Destination Port: 443
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-07-03 16:22:55 UTC358OUTGET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/7d7ca517-f825-4372-8327-c232f61880c4/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=12b69830-20e9-4eb2-bbe8-e1a13e0b11f8&uuid=7d7ca517-f825-4372-8327-c232f61880c4 HTTP/1.1
                                                                                            Cache-Control: no-cache
                                                                                            Pragma: no-cache
                                                                                            Content-Type: application/json
                                                                                            Host: ps.pndsn.com
                                                                                            2024-07-03 16:22:55 UTC305INHTTP/1.1 200 OK
                                                                                            Date: Wed, 03 Jul 2024 16:22:55 GMT
                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                            Content-Length: 55
                                                                                            Connection: close
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                            Age: 0
                                                                                            Server: Pubnub Presence
                                                                                            Cache-Control: no-cache
                                                                                            Accept-Ranges: bytes
                                                                                            2024-07-03 16:22:55 UTC55INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                            Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


                                                                                            Target ID:0
                                                                                            Start time:12:20:44
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\2cFFfHDG7D.msi"
                                                                                            Imagebase:0x7ff718990000
                                                                                            File size:69'632 bytes
                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:1
                                                                                            Start time:12:20:44
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                            Imagebase:0x7ff718990000
                                                                                            File size:69'632 bytes
                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:false

                                                                                            Target ID:2
                                                                                            Start time:12:20:45
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 0F692C21F340271B8770E1FC6E93F18E
                                                                                            Imagebase:0xcb0000
                                                                                            File size:59'904 bytes
                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:3
                                                                                            Start time:12:20:45
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:rundll32.exe "C:\Windows\Installer\MSIF644.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699250 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                                                                                            Imagebase:0x200000
                                                                                            File size:61'440 bytes
                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000003.00000003.1693003449.0000000004194000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:4
                                                                                            Start time:12:20:45
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:rundll32.exe "C:\Windows\Installer\MSIF924.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5699937 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                                                                                            Imagebase:0x200000
                                                                                            File size:61'440 bytes
                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000002.1748246531.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000002.1748246531.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000003.1707175435.0000000004929000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:5
                                                                                            Start time:12:20:50
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:rundll32.exe "C:\Windows\Installer\MSID78.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5705093 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                                                                                            Imagebase:0x200000
                                                                                            File size:61'440 bytes
                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000003.1750571216.00000000043FB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:6
                                                                                            Start time:12:20:51
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 185C737B37B128F567DAE967E866CAE9 E Global\MSI0000
                                                                                            Imagebase:0xcb0000
                                                                                            File size:59'904 bytes
                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:7
                                                                                            Start time:12:20:51
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\SysWOW64\net.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"NET" STOP AteraAgent
                                                                                            Imagebase:0x710000
                                                                                            File size:47'104 bytes
                                                                                            MD5 hash:31890A7DE89936F922D44D677F681A7F
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:8
                                                                                            Start time:12:20:51
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x80000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:9
                                                                                            Start time:12:20:51
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\SysWOW64\net1.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Windows\system32\net1 STOP AteraAgent
                                                                                            Imagebase:0xfc0000
                                                                                            File size:139'776 bytes
                                                                                            MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:10
                                                                                            Start time:12:20:51
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"TaskKill.exe" /f /im AteraAgent.exe
                                                                                            Imagebase:0xc30000
                                                                                            File size:74'240 bytes
                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:moderate
                                                                                            Has exited:true

                                                                                            Target ID:11
                                                                                            Start time:12:20:51
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:12
                                                                                            Start time:12:20:53
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="omar.zetawi@polaris-tek.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000HarDhIAJ" /AgentId="7d7ca517-f825-4372-8327-c232f61880c4"
                                                                                            Imagebase:0x1e1b60c0000
                                                                                            File size:145'968 bytes
                                                                                            MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1816073152.00007FFD9B4A4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1811465867.000001E1B6311000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000000.1773587469.000001E1B60C2000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1814707609.000001E1D0810000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1812098404.000001E1B7F42000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1811401559.000001E1B62D0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1812098404.000001E1B7F8C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1812869872.000001E1D0540000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1811465867.000001E1B630E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1812098404.000001E1B7E9C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1813166524.000001E1D05BE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1812098404.000001E1B7ECA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1811261269.000001E1B6260000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1812098404.000001E1B7EC4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1811465867.000001E1B6359000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1812098404.000001E1B7EC2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1811465867.000001E1B635F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1811401559.000001E1B62D6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1812098404.000001E1B7ED9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1812098404.000001E1B7E99000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1811465867.000001E1B62EE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1812098404.000001E1B7E11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                            Antivirus matches:
                                                                                            • Detection: 18%, ReversingLabs
                                                                                            Has exited:true

                                                                                            Target ID:13
                                                                                            Start time:12:20:56
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                                                            Imagebase:0x217faae0000
                                                                                            File size:145'968 bytes
                                                                                            MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            Has exited:false

                                                                                            Target ID:14
                                                                                            Start time:12:20:57
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                                                            Imagebase:0x7ff69e820000
                                                                                            File size:72'192 bytes
                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:15
                                                                                            Start time:12:20:57
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:16
                                                                                            Start time:12:20:57
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:rundll32.exe "C:\Windows\Installer\MSI27EA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5711890 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                                                                                            Imagebase:0x200000
                                                                                            File size:61'440 bytes
                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000010.00000003.1818863709.000000000427E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000010.00000002.1871926707.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000010.00000002.1871926707.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Has exited:true

                                                                                            Target ID:20
                                                                                            Start time:12:21:07
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "3205572e-b701-411c-935a-8eefcd863daa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                                                                                            Imagebase:0x169f6680000
                                                                                            File size:166'960 bytes
                                                                                            MD5 hash:47709084FF7F796AAE3D6430AB076793
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                            Antivirus matches:
                                                                                            • Detection: 0%, ReversingLabs
                                                                                            Has exited:true

                                                                                            Target ID:21
                                                                                            Start time:12:21:07
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "e84a63c2-b176-4565-84a8-bf664a770baa" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                                                                                            Imagebase:0x24c04720000
                                                                                            File size:166'960 bytes
                                                                                            MD5 hash:47709084FF7F796AAE3D6430AB076793
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            Has exited:true

                                                                                            Target ID:22
                                                                                            Start time:12:21:07
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:23
                                                                                            Start time:12:21:07
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:24
                                                                                            Start time:12:22:01
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "64e30cd7-7773-4e23-a998-f6edaea887a9" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                                                                                            Imagebase:0x24296770000
                                                                                            File size:166'960 bytes
                                                                                            MD5 hash:47709084FF7F796AAE3D6430AB076793
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            Has exited:true

                                                                                            Target ID:25
                                                                                            Start time:12:22:01
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:27
                                                                                            Start time:12:22:07
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                                                                                            Imagebase:0x1ce7f300000
                                                                                            File size:166'960 bytes
                                                                                            MD5 hash:47709084FF7F796AAE3D6430AB076793
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches: Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Author: Joe Security
                                                                                            Has exited:true

                                                                                            Target ID:28
                                                                                            Start time:12:22:07
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:29
                                                                                            Start time:12:22:10
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "0a143a2b-b19b-4fce-bc04-41b81bcbcc4b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                                                                                            Imagebase:0x238ea200000
                                                                                            File size:166'960 bytes
                                                                                            MD5 hash:47709084FF7F796AAE3D6430AB076793
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches: Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Author: Joe Security
                                                                                            Has exited:true

                                                                                            Target ID:30
                                                                                            Start time:12:22:10
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:31
                                                                                            Start time:12:22:25
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "f7c52d87-a697-402f-9ddb-f4bd7930a959" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                                                                                            Imagebase:0x1ca8fbc0000
                                                                                            File size:166'960 bytes
                                                                                            MD5 hash:47709084FF7F796AAE3D6430AB076793
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches: Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Author: Joe Security
                                                                                            Has exited:true

                                                                                            Target ID:32
                                                                                            Start time:12:22:25
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:33
                                                                                            Start time:12:22:35
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "34fed5af-6ccf-418e-89e6-f319c0139431" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                                                                                            Imagebase:0x19db58e0000
                                                                                            File size:166'960 bytes
                                                                                            MD5 hash:47709084FF7F796AAE3D6430AB076793
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches: Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Author: Joe Security
                                                                                            Has exited:true

                                                                                            Target ID:34
                                                                                            Start time:12:22:35
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:35
                                                                                            Start time:12:22:44
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7d7ca517-f825-4372-8327-c232f61880c4 "16f383b9-4be1-4380-b33c-f4b37a96755f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000HarDhIAJ
                                                                                            Imagebase:0x213e3750000
                                                                                            File size:166'960 bytes
                                                                                            MD5 hash:47709084FF7F796AAE3D6430AB076793
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches: Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.2908773950.00000213E399F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.2925775178.00000213E4251000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Has exited:true

                                                                                            Target ID:36
                                                                                            Start time:12:22:44
                                                                                            Start date:03/07/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Reset < >
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $^q$$^q
                                                                                              • API String ID: 0-355816377
                                                                                              • Opcode ID: 2f257897b6f08e148d65d07a3bdf5ce6dae5e12e929021bbe12db7c246c7b2bd
                                                                                              • Instruction ID: dda0c218f94532c31f94232447a1f0e1ee03340054000c031e52bfba47b42af9
                                                                                              • Opcode Fuzzy Hash: 2f257897b6f08e148d65d07a3bdf5ce6dae5e12e929021bbe12db7c246c7b2bd
                                                                                              • Instruction Fuzzy Hash: 5F51C171B002099FDB15DF79D850AAEBBF6EFC9350B14812AE819DB364DB30AD02C791
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq
                                                                                              • API String ID: 0-149360118
                                                                                              • Opcode ID: 7a54741e93d5f4e85dc87916340ad537b565f9e4d41b720471bbda932ee9596e
                                                                                              • Instruction ID: c1c7acc45021811f2dbbf26fd5e90921d6c6419a8e951591cf42d9a604a380dc
                                                                                              • Opcode Fuzzy Hash: 7a54741e93d5f4e85dc87916340ad537b565f9e4d41b720471bbda932ee9596e
                                                                                              • Instruction Fuzzy Hash: 1871A435F102149BDF19ABB9C854B6EB7E7AFC8301F148129D9069B3A0DF35ED428791
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq
                                                                                              • API String ID: 0-149360118
                                                                                              • Opcode ID: e018a8aa0ede4d9113d890fa6290045bb2e7939ced83c4a13f3e7e15a6d26adf
                                                                                              • Instruction ID: 590b047bec66df0f87027fc7ec74c5870faf0be84f77db8cf73b699fe591ce0a
                                                                                              • Opcode Fuzzy Hash: e018a8aa0ede4d9113d890fa6290045bb2e7939ced83c4a13f3e7e15a6d26adf
                                                                                              • Instruction Fuzzy Hash: 7A511630B04254AFEB149B78D458BAE7FB6EF89310F14406AD806E7391CE75AC45C791
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq
                                                                                              • API String ID: 0-149360118
                                                                                              • Opcode ID: 8ae737c59f31ec83ee6bc1b8e3001ccd6f1131186349a30fd25fe28c35abd4b0
                                                                                              • Instruction ID: abde5e508b9f5cc73260619a2cf94699d9a57169d9d3fc46640372e5b6c85390
                                                                                              • Opcode Fuzzy Hash: 8ae737c59f31ec83ee6bc1b8e3001ccd6f1131186349a30fd25fe28c35abd4b0
                                                                                              • Instruction Fuzzy Hash: A741D431B001146BEB18AA79D8A4B6F679B9FC8714F14942DDD06EB390CE35BD06CBD1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq
                                                                                              • API String ID: 0-149360118
                                                                                              • Opcode ID: 40c84af1e14be4137648e922897c6cfe43c151b63a5a9a2d7f9063f1878ae888
                                                                                              • Instruction ID: 8fc01fdcc996b272212a7ab3e87fc8e4f2360d0b460af48400536de808a2e43b
                                                                                              • Opcode Fuzzy Hash: 40c84af1e14be4137648e922897c6cfe43c151b63a5a9a2d7f9063f1878ae888
                                                                                              • Instruction Fuzzy Hash: AB314821B083641BFB296A395464B6F3B9B8FC6714F0494FADC02CB292DD68FC4247D1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7f0f59bfefbd42400c2fe20f658c1c7d4c47ed307b778edb8e6f409911976665
                                                                                              • Instruction ID: 48ddea952ecb15c9ed68af4c7e02a561559d4020ec918d139ca0e06e5684d0cc
                                                                                              • Opcode Fuzzy Hash: 7f0f59bfefbd42400c2fe20f658c1c7d4c47ed307b778edb8e6f409911976665
                                                                                              • Instruction Fuzzy Hash: 6BE09270D093099FAB40EFB9954169A7FF5AA5920472092FAC409D6320F732E5038F91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 804859b17e7719f2a00de9e863723bff23288949af61fb52ceba2c654f3f9fee
                                                                                              • Instruction ID: 315b07eeac279f0fa4404c941e547ea42c6e475db38003a9447aa680ac6fa5e7
                                                                                              • Opcode Fuzzy Hash: 804859b17e7719f2a00de9e863723bff23288949af61fb52ceba2c654f3f9fee
                                                                                              • Instruction Fuzzy Hash: 3D51C271B012158FDB10CF68C994A6ABBF1FF44308B2595EAE818DB272DB31EC41CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6b0dd08f4949bd015bbd04719cb48a0c09e4c096344f81988987a3759714e774
                                                                                              • Instruction ID: a25918721b19787a8182d823642bd07d8cdd29908cb364eac030336b4bb1d46e
                                                                                              • Opcode Fuzzy Hash: 6b0dd08f4949bd015bbd04719cb48a0c09e4c096344f81988987a3759714e774
                                                                                              • Instruction Fuzzy Hash: E7316932B093553FDF195A39B855B2B7F6A8F81354B056067ED08CF161DA24FC42C3A1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 629367a90646409ecdec1dcee4b5da0130c071ba66931c2659262a36e9043d44
                                                                                              • Instruction ID: 15f0b72aa9dffbdf1a1c0a07f20fce1b718d2de209d410786304c6439337e76e
                                                                                              • Opcode Fuzzy Hash: 629367a90646409ecdec1dcee4b5da0130c071ba66931c2659262a36e9043d44
                                                                                              • Instruction Fuzzy Hash: 75411A35B002189FCB54DF69D88099EBBB2FF89714B14816AE905EB360DB31ED42CF90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 353bb0d980ef670dacb1158bca60677cf6e3f4c91c0d99c5f9e6d535540a76b6
                                                                                              • Instruction ID: 1562ad64242619e6ec6f61d893aabefb370b4bdd518eb1771c5bc68facbc9513
                                                                                              • Opcode Fuzzy Hash: 353bb0d980ef670dacb1158bca60677cf6e3f4c91c0d99c5f9e6d535540a76b6
                                                                                              • Instruction Fuzzy Hash: AD215E32A453247FFB0126756424BFB3F98CF42264F01A4F7EE099A161C914FC8697E0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e1038fc7a76c1c975c3f22fdc4a5548ff0224269561dfe28bc2d0cb0d711b9e9
                                                                                              • Instruction ID: dd7947cf721830b40e1807df0cbd54d010c52426507b7c22560b3917f4ee3f38
                                                                                              • Opcode Fuzzy Hash: e1038fc7a76c1c975c3f22fdc4a5548ff0224269561dfe28bc2d0cb0d711b9e9
                                                                                              • Instruction Fuzzy Hash: 52210632F002649BEF109F79D854BEE7BEA9F84244F04507ACD06DB251EE34EE468791
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0e4025eac58a5878d5f79a4830c612fac9e650594fda4e0eeb69e63c61848a42
                                                                                              • Instruction ID: 85bb3f6ca3896e381cdeab2d90857e2a631a075be3b231f58335288788596be8
                                                                                              • Opcode Fuzzy Hash: 0e4025eac58a5878d5f79a4830c612fac9e650594fda4e0eeb69e63c61848a42
                                                                                              • Instruction Fuzzy Hash: 7B214A75A102189FCB44DF79D88099EBBF5FF8D714F10916AE905EB320DB31A942CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bcff0f48c34c96452e22e31b30fc98ca43757f176fa263f89d6389bb218e5248
                                                                                              • Instruction ID: 54399454f5d0f26d6446c4c270fbed49683d1acc2c44818db7d7eacf3a475906
                                                                                              • Opcode Fuzzy Hash: bcff0f48c34c96452e22e31b30fc98ca43757f176fa263f89d6389bb218e5248
                                                                                              • Instruction Fuzzy Hash: 32113335A00264AFDB54DF68E458AE97BB6FF8D320F144019E80AE7250CF75AC86CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_3_4350000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5df7406a9f8b3a16b5d54f5c6a5177216eb83f6251a9fb435f376b1d8e897cc9
                                                                                              • Instruction ID: c820268e24476edf973861eb01c766148e1eabd1c95bfef2c21169179cf3cba3
                                                                                              • Opcode Fuzzy Hash: 5df7406a9f8b3a16b5d54f5c6a5177216eb83f6251a9fb435f376b1d8e897cc9
                                                                                              • Instruction Fuzzy Hash: 6821E5B4D042498EDB14DFAAC484AEEFBF0FF88314F10852ED959A7240C7756945CFA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000003.1694199242.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746545312.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: `q$$&_q$(_^q$4'^q$4'^q$4'^q$4'^q$4c^q$4c^q$@b^q$|-_q$$^q$$^q$c^q$c^q$`q
                                                                                              • API String ID: 0-3238858861
                                                                                              • Opcode ID: 0b6ee868a273b0f97e9ffdb4559312a30bd600d63fb4555e0e69ab424d426ac6
                                                                                              • Instruction ID: 31df41dd30989bd4a3bfbd409ea1cd68f3a3490f19a4413fff7bf1c6dbba2a67
                                                                                              • Opcode Fuzzy Hash: 0b6ee868a273b0f97e9ffdb4559312a30bd600d63fb4555e0e69ab424d426ac6
                                                                                              • Instruction Fuzzy Hash: F6A2E67090022C9FDB259F64C855AEEBBB6FF89301F1045E9D6096B291DF319E85CF81
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: `q$$&_q$(_^q$4'^q$4'^q$4'^q$4'^q$4c^q$4c^q$@b^q$|-_q$$^q$$^q$c^q$c^q$`q
                                                                                              • API String ID: 0-3238858861
                                                                                              • Opcode ID: 35f581dde92989313e9a26ed06a592e30887547dec7cc0d908b89cafd994e9ac
                                                                                              • Instruction ID: a59ea88cf397725e17e8ea8d18aa6df6f6e7713d5485df92d0f06d0dcc6ca97c
                                                                                              • Opcode Fuzzy Hash: 35f581dde92989313e9a26ed06a592e30887547dec7cc0d908b89cafd994e9ac
                                                                                              • Instruction Fuzzy Hash: 4992C17090022C9FDB259F64D855AEEBBB6FF89301F1045E9D6096B2A0DF319E85CF81
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq$\;^q$l;p$?p$|]q
                                                                                              • API String ID: 0-2154232553
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq$(bq$(bq$(bq
                                                                                              • API String ID: 0-2632976689
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq$d
                                                                                              • API String ID: 0-3334038649
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq$|7p
                                                                                              • API String ID: 0-1820265802
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $^q$$^q
                                                                                              • API String ID: 0-355816377
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq$LR^q
                                                                                              • API String ID: 0-516514815
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq$(bq
                                                                                              • API String ID: 0-4224401849
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq$T;p
                                                                                              • API String ID: 0-1114662672
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq
                                                                                              • API String ID: 0-149360118
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (Acq
                                                                                              • API String ID: 0-1548273396
                                                                                              APIs
                                                                                              • KiUserExceptionDispatcher.NTDLL ref: 06FB9FF8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746545312.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_6fb0000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID: DispatcherExceptionUser
                                                                                              • String ID:
                                                                                              • API String ID: 6842923-0
                                                                                              APIs
                                                                                              • KiUserExceptionDispatcher.NTDLL ref: 06FB9FF8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746545312.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_6fb0000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID: DispatcherExceptionUser
                                                                                              • String ID:
                                                                                              • API String ID: 6842923-0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq
                                                                                              • API String ID: 0-149360118
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq
                                                                                              • API String ID: 0-149360118
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq
                                                                                              • API String ID: 0-149360118
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: L<p
                                                                                              • API String ID: 0-3975772089
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: |7p
                                                                                              • API String ID: 0-2673033477
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq
                                                                                              • API String ID: 0-149360118
                                                                                              • Opcode ID: 2eb59f0134e7d79037045d9a43cb2ae97c4cb920113d77b4e0ecaaa79c044ea3
                                                                                              • Instruction ID: f95044d0155d69f50c7a856a565f71a16e94ea6d8939bb68afcd1e1fffdc503d
                                                                                              • Opcode Fuzzy Hash: 2eb59f0134e7d79037045d9a43cb2ae97c4cb920113d77b4e0ecaaa79c044ea3
                                                                                              • Instruction Fuzzy Hash: 3351CF753007418FC725DB29D458A6ABBF2EFC5301B08CAADD54A8B665DE30FC02CBA1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (Acq
                                                                                              • API String ID: 0-1548273396
                                                                                              • Opcode ID: 5fc36a5ca88f36988ba008e07e30ea2fb3bba17aec27735acad80e93019c7995
                                                                                              • Instruction ID: 050dd231ea353ff334a59a6504a2b0e253779030898d89dc8702c27b6768681c
                                                                                              • Opcode Fuzzy Hash: 5fc36a5ca88f36988ba008e07e30ea2fb3bba17aec27735acad80e93019c7995
                                                                                              • Instruction Fuzzy Hash: 54411A70B102159BDB14EF69D855AAEBBA2FF88204B144569E806EB390EF74AC05CB91
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (Acq
                                                                                              • API String ID: 0-1548273396
                                                                                              • Opcode ID: 94bf86d2d5eef6706e3b41d9931ef31249e375db497ebe57cca12c2aacfa95ff
                                                                                              • Instruction ID: 32bb0c7c6efc2579a064914b7664f7b7e90d49832a31b0637dac9e2e7e37875d
                                                                                              • Opcode Fuzzy Hash: 94bf86d2d5eef6706e3b41d9931ef31249e375db497ebe57cca12c2aacfa95ff
                                                                                              • Instruction Fuzzy Hash: 2C411A70B10215DFDB14EF69D854AAEBBB6FF88604F144569E806EB390EF74AC01CB91
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: L<p
                                                                                              • API String ID: 0-3975772089
                                                                                              • Opcode ID: 1927044b60d7651f8110faf83ff466314369f347ae93ae3d0fc4786069be1927
                                                                                              • Instruction ID: 4bac5bb031e3bf5eef8ed55227074be40dbc331cd4969824bbb5eaa77aa16a3f
                                                                                              • Opcode Fuzzy Hash: 1927044b60d7651f8110faf83ff466314369f347ae93ae3d0fc4786069be1927
                                                                                              • Instruction Fuzzy Hash: 0A418E31B002059BDB14EB7AD8556AEBBF6EFC9600B24842DE416E7380DF74AC05CBA1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq
                                                                                              • API String ID: 0-149360118
                                                                                              • Opcode ID: 403883f3eb026e4ee8b03d948bf14f7740dd13980881763c28dd1aa7c40e22fb
                                                                                              • Instruction ID: 96476202a1f3ab176cae6d6e474cdf138493ae5b1db4914c8c48bf379d0dd298
                                                                                              • Opcode Fuzzy Hash: 403883f3eb026e4ee8b03d948bf14f7740dd13980881763c28dd1aa7c40e22fb
                                                                                              • Instruction Fuzzy Hash: 4D418B74A006098FDB14EF59C484A6ABBF2FFC9314B5589ADD41AAB750CB30F841CF94
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq
                                                                                              • API String ID: 0-149360118
                                                                                              • Opcode ID: 2691733e911958ff05cc4abccf0b74167b81177d0b6a6d19188783e51ee18b77
                                                                                              • Instruction ID: ebea6ebf7779c9ae0dbc271ff5f61ac93fb07e0152d056ef71b32d87a8fb3d25
                                                                                              • Opcode Fuzzy Hash: 2691733e911958ff05cc4abccf0b74167b81177d0b6a6d19188783e51ee18b77
                                                                                              • Instruction Fuzzy Hash: C431D520B0A2595FE715777D882037E7BA2DBC6304F1584EED506E7386CE746C06C7A1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: LR^q
                                                                                              • API String ID: 0-2625958711
                                                                                              • Opcode ID: bccd53c466514747e283f5b3188d8c9f41f90ff96e50d92a4ca0f2753e34301c
                                                                                              • Instruction ID: 2c8d38b58deb6f01856f5932e95f7a4f9f80abf993b61d31e70aea9745c91646
                                                                                              • Opcode Fuzzy Hash: bccd53c466514747e283f5b3188d8c9f41f90ff96e50d92a4ca0f2753e34301c
                                                                                              • Instruction Fuzzy Hash: 1421B275B041055BEB18EE28D894B7F77EAEBC4A18F1054ADE806C7294EB3AEC01C755
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq
                                                                                              • API String ID: 0-149360118
                                                                                              • Opcode ID: db6fb01b3e76865253cbad5a42d173aab46c54b2aa0cccad1859d4bc7dea5e3f
                                                                                              • Instruction ID: 000848998eeae6c97e6e26c41fbd4b3f6f10a1c70855c4b1ab81fdcc0866362d
                                                                                              • Opcode Fuzzy Hash: db6fb01b3e76865253cbad5a42d173aab46c54b2aa0cccad1859d4bc7dea5e3f
                                                                                              • Instruction Fuzzy Hash: 4F21D0367042045FD714EB6DE44486E7BEBEFC921571544E9E60ACB351EE20EC42CB92
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: m
                                                                                              • API String ID: 0-3775001192
                                                                                              • Opcode ID: f3f81607596a3d8c737aac4ddb289e9c77e6f51d4644515587f67e0d9f2372f0
                                                                                              • Instruction ID: 262627a32a0924779fd92beb0bb47bdd52edb55c856b161042349f529ba32f8e
                                                                                              • Opcode Fuzzy Hash: f3f81607596a3d8c737aac4ddb289e9c77e6f51d4644515587f67e0d9f2372f0
                                                                                              • Instruction Fuzzy Hash: 9D218D74E053499FDB01EFA8D4509AEBFB2EF89300F0044DAD445AB351DB34AE45CB92
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: \;^q
                                                                                              • API String ID: 0-2342212615
                                                                                              • Opcode ID: 68a45950bc20160de6aba6bc4a72910bf5286783b911d785aa8338db91bad610
                                                                                              • Instruction ID: 6d4199297e4ad12c06976fd6f05b9357b825665de208813c264c03d6eec0cb2c
                                                                                              • Opcode Fuzzy Hash: 68a45950bc20160de6aba6bc4a72910bf5286783b911d785aa8338db91bad610
                                                                                              • Instruction Fuzzy Hash: 70119E723042054FAB149AAEA49495FF7DFEFC822531480BFE60DCBB45EE60FC0086A0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: LR^q
                                                                                              • API String ID: 0-2625958711
                                                                                              • Opcode ID: 10f98eeb71f1f4ceceb54eeb0c85d88f5361dbe203b323d4d325a23caa867769
                                                                                              • Instruction ID: d6dc0a171365593e1d4511b9df12020e60e4bc908a2f504f0ad95ba2d302e67d
                                                                                              • Opcode Fuzzy Hash: 10f98eeb71f1f4ceceb54eeb0c85d88f5361dbe203b323d4d325a23caa867769
                                                                                              • Instruction Fuzzy Hash: C3216D34B101099FDB18AF69D455AAEBBF6EF88614F11805DE912AB3A0DF706C01CF95
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: LR^q
                                                                                              • API String ID: 0-2625958711
                                                                                              • Opcode ID: 1b4dfa70b28dce31e0ded1e2ecab4cd96f79dcc1896ed0017155ce5f042065f3
                                                                                              • Instruction ID: 9bd97204da62e57f467fbb82a0e4353edcf9b1382d0553a6f712d31d1ad250f6
                                                                                              • Opcode Fuzzy Hash: 1b4dfa70b28dce31e0ded1e2ecab4cd96f79dcc1896ed0017155ce5f042065f3
                                                                                              • Instruction Fuzzy Hash: B1216234B10108DFDB18AB69C454AAEBBF6EF8C710F11805DE906EB390DEB16C01CB95
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: fcq
                                                                                              • API String ID: 0-2768158334
                                                                                              • Opcode ID: de0defd79b191926e82c8253d2f20c92e20162d7e0b61c9d1359b192e0154c26
                                                                                              • Instruction ID: 74d3e9335655c4d5995ff8a53a7cbda9579ae772a73eaf934befb712bc7ec250
                                                                                              • Opcode Fuzzy Hash: de0defd79b191926e82c8253d2f20c92e20162d7e0b61c9d1359b192e0154c26
                                                                                              • Instruction Fuzzy Hash: 38117375B011156FDB04EFA594446BFBFA6F7CC600B11802AFA09D7344DE789D039BA5
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: fcq
                                                                                              • API String ID: 0-2768158334
                                                                                              • Opcode ID: df58a4295218b92ec4d2a5ba15e5ff9b52a02c1d843257cdb42f3b13baea93f7
                                                                                              • Instruction ID: 00464372f3f8dde72613970dcb9a79fa52cf62591eee71684b449d5d0cf29dbc
                                                                                              • Opcode Fuzzy Hash: df58a4295218b92ec4d2a5ba15e5ff9b52a02c1d843257cdb42f3b13baea93f7
                                                                                              • Instruction Fuzzy Hash: 7F115275B002196FDB05EFA5984597FBFA6FBCC600B00802AFA09D7340DE755D129BA5
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (bq
                                                                                              • API String ID: 0-149360118
                                                                                              • Opcode ID: db5f6613887c90ce080a87762f53fb1b2d6ec75ca9ef278e4e8217c71d6cac62
                                                                                              • Instruction ID: 1265be5b2617744c5f6ba6d84f74dc0c620fbd0fa98bb5254e74ffc5417d5b74
                                                                                              • Opcode Fuzzy Hash: db5f6613887c90ce080a87762f53fb1b2d6ec75ca9ef278e4e8217c71d6cac62
                                                                                              • Instruction Fuzzy Hash: 3601F2243083415FD715EB3DD85052E3BE7DFCA62132849AED14ACB791EE25EC02C366
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: T;p
                                                                                              • API String ID: 0-2975607647
                                                                                              • Opcode ID: fd111c04b65b5a327696d3d5245778746516cff1a2942ff53858e5a1d313dbaa
                                                                                              • Instruction ID: 0a4de9feb51850c4bef592b82a84e760f8e14c05c169f65deed94134e46cc15b
                                                                                              • Opcode Fuzzy Hash: fd111c04b65b5a327696d3d5245778746516cff1a2942ff53858e5a1d313dbaa
                                                                                              • Instruction Fuzzy Hash: F1F0E2353043041FD7042A2ED441A6EB7EBEFC9928B65006EF94AC7362DE65AC028766
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              • Opcode ID: 51ffd933dbceb06e2348a239b9f64a074d9d13709790bdf62661b0a79dcd3f40
                                                                                              • Instruction ID: 59caf5ce01e1250a112247c74ae8e725b9027acda339b6e7830c1321b84f7758
                                                                                              • Opcode Fuzzy Hash: 51ffd933dbceb06e2348a239b9f64a074d9d13709790bdf62661b0a79dcd3f40
                                                                                              • Instruction Fuzzy Hash: 4921D734B00219CFDB14EF75D845A6ABBA6FB88711F0084B9FA158B240EF71F846CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1747531691.00000000048ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 048ED000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_48ed000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 574894a8fd1c3f3464099a9a76b0db2ac594abbde7615c5719396e2667aebdaa
                                                                                              • Instruction ID: ab5d841a15016509bd7451c6a629975501e90833c07acfbadad6b762c25f1939
                                                                                              • Opcode Fuzzy Hash: 574894a8fd1c3f3464099a9a76b0db2ac594abbde7615c5719396e2667aebdaa
                                                                                              • Instruction Fuzzy Hash: 8E2145B5604245DFCB01DF14D9C0B36BFE1FB94324F20CA69E8098B256C336E41ACBA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c91fce046019a9bf35cab56e818850e88a188eed5f61b9a639b4e633f8a03ec8
                                                                                              • Instruction ID: 5e98ba67e5e8fa7281b4e4fba4f50636279a07aeb7026dbfb295891cff1e5877
                                                                                              • Opcode Fuzzy Hash: c91fce046019a9bf35cab56e818850e88a188eed5f61b9a639b4e633f8a03ec8
                                                                                              • Instruction Fuzzy Hash: 7F1160727192014FAB14DA2ED890A2FF7DAEFD9260714807EA949CB746EE71FC01C390
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5b3d3261da2acbbdb1901b82004f192503d16549de5c19174e75bac6d4e2fe67
                                                                                              • Instruction ID: 74e3ae6bd1db834454b9cb8314e0e2b7951b58bb91b1c0f76ba64bf527ed749a
                                                                                              • Opcode Fuzzy Hash: 5b3d3261da2acbbdb1901b82004f192503d16549de5c19174e75bac6d4e2fe67
                                                                                              • Instruction Fuzzy Hash: 4D114C297053902FE7166A79485076A6F59EFE2250F0980EAD9458F343DE24EC07C3B1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 84a0bca77dbb5261dd87b4770dca8792792edd17b17d93a6bf834cb7ddb79ac5
                                                                                              • Instruction ID: a81e9fc4068de46ef996114ae14c9f5deea1b93337640d786b39575284dcdc82
                                                                                              • Opcode Fuzzy Hash: 84a0bca77dbb5261dd87b4770dca8792792edd17b17d93a6bf834cb7ddb79ac5
                                                                                              • Instruction Fuzzy Hash: 8F11E16130E6885FE7066678582136D7F759FA2214B1A88DAD449DF383C809EC47C7A2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2650f0e9ce620588f5165a9bc4c8e176325321e11fad18fc30f1daeb3a281ad7
                                                                                              • Instruction ID: fe9b74ebd5bcbd9335edd4b3e5ad7fb2053a4a3ece2d1748701c0ea2b20f72da
                                                                                              • Opcode Fuzzy Hash: 2650f0e9ce620588f5165a9bc4c8e176325321e11fad18fc30f1daeb3a281ad7
                                                                                              • Instruction Fuzzy Hash: CA018E2670A35017D725767D185072B7F99DFD5660F0584EED909CB302DD28EC02C2F1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 76b38194060725ae46a18c4d753bb207f7a96df11d75579cd96dead73d5e474c
                                                                                              • Instruction ID: 2841f3ec3824cd61770a700b5c0c68cbcedd702a1d6adcfea96701f66ef88c46
                                                                                              • Opcode Fuzzy Hash: 76b38194060725ae46a18c4d753bb207f7a96df11d75579cd96dead73d5e474c
                                                                                              • Instruction Fuzzy Hash: D3218474A01505ABDB14EF68D450A9E7BF6FFCC314F108019D509A7390DE75AC46CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9cb3c0acab2940bf076adf9a457dcc2fd1da04deaecf5776583cefe9769cbb6e
                                                                                              • Instruction ID: d72f749ececf5d7dc8d519e903a4451a90d4285dce79382d6d41cc27062c61ee
                                                                                              • Opcode Fuzzy Hash: 9cb3c0acab2940bf076adf9a457dcc2fd1da04deaecf5776583cefe9769cbb6e
                                                                                              • Instruction Fuzzy Hash: 4C212C75E102189FCB44EF69D88099EBBF1FF8C714B10816AE815EB360DB31A842CF94
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7cae6a10b6e24ec7a25d678cc614a059717dfec804d5691ba1a545706f82c638
                                                                                              • Instruction ID: 5e6e71c9709ac9ebc1629e842be8b9af7fe40650a183b11c6c176a08bdce2855
                                                                                              • Opcode Fuzzy Hash: 7cae6a10b6e24ec7a25d678cc614a059717dfec804d5691ba1a545706f82c638
                                                                                              • Instruction Fuzzy Hash: D9113D70B002099BDB14DF95C594BDEBBF6EB8C710F24805AE905AB341DB71ED46CBA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a37280864e59c60e081c6bf89a50bee43d77a2c55495930406e1f4e2efa4decd
                                                                                              • Instruction ID: 4a8b6f2372972b2cacf162fe9a78536e304c3e498a6e7e932533167825ec9a42
                                                                                              • Opcode Fuzzy Hash: a37280864e59c60e081c6bf89a50bee43d77a2c55495930406e1f4e2efa4decd
                                                                                              • Instruction Fuzzy Hash: 70110471600318BFD700EBA9E8446AE7BE6EFC5315F410928F60A97250DFB17C458BA2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4f2b78b5e5ed7b4dace43b249f3290478b71a6b9e96dcfef684e59815b71eef3
                                                                                              • Instruction ID: 1b818f565bd77302d69c58461602960e1b830f9d09df5e1376a19a6804334b3d
                                                                                              • Opcode Fuzzy Hash: 4f2b78b5e5ed7b4dace43b249f3290478b71a6b9e96dcfef684e59815b71eef3
                                                                                              • Instruction Fuzzy Hash: AF11E521B096582BFB283674582036E2FCACB92F04F0554EECE46DB682D995EC019392
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3fea56186505cd809861d7e4708cb7feeb6a74513783c2f8c794d69ebd05d0c4
                                                                                              • Instruction ID: 942f33fea3d2e6c20fb66e680734207ef342b2bb15118675d63793f410baaff4
                                                                                              • Opcode Fuzzy Hash: 3fea56186505cd809861d7e4708cb7feeb6a74513783c2f8c794d69ebd05d0c4
                                                                                              • Instruction Fuzzy Hash: 8C114238A01605AFDB14EF69D850AAE7BF6EFCC314F148069D505A7390DF75AC46CBA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7ae76ae03c732749266b232238141dee3146940a05372f3c9412e20977f6f932
                                                                                              • Instruction ID: d034ad3eb75b81fa3b0d4441a717a0fc8f5a924eae1cb1358a774fca25cd9b01
                                                                                              • Opcode Fuzzy Hash: 7ae76ae03c732749266b232238141dee3146940a05372f3c9412e20977f6f932
                                                                                              • Instruction Fuzzy Hash: F021E774E00209DFDB04EFA8D490AAEBBF2EF8D314F504599D405AB350DB30AE85CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1747531691.00000000048ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 048ED000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_48ed000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4905c3173599c275da52c7e066c0eaffa1fde9e6c4850b810a45a1f2b485225a
                                                                                              • Instruction ID: 3afb8eef410e217d6f873431e38c7dced843af210cce96b0397752c16e2b006b
                                                                                              • Opcode Fuzzy Hash: 4905c3173599c275da52c7e066c0eaffa1fde9e6c4850b810a45a1f2b485225a
                                                                                              • Instruction Fuzzy Hash: F911E676504281CFCB16CF10D9C4B26BFB2FB84324F24C6A9DD494B656C336E45ACBA2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4bf45cd04ed27b5784fd7c9776524f6d030fe6b44147325d1fc39e4cef8c6882
                                                                                              • Instruction ID: 63f83debef374a50b4f10b91b6aeada70d021722be7f79061713c142c6d54686
                                                                                              • Opcode Fuzzy Hash: 4bf45cd04ed27b5784fd7c9776524f6d030fe6b44147325d1fc39e4cef8c6882
                                                                                              • Instruction Fuzzy Hash: AD2102B09002098FDB10DFAAC484ADEFBF0FF88324F10842AD569A7240C775A946CFA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6640b0ae33832079a3a36bc5150e7728b242d0fd822df5084a1da8336775ce73
                                                                                              • Instruction ID: 03cc86237cd0e05fb0977f6133396eb395e247a9b702ae4cd4b5e1d084cb02f9
                                                                                              • Opcode Fuzzy Hash: 6640b0ae33832079a3a36bc5150e7728b242d0fd822df5084a1da8336775ce73
                                                                                              • Instruction Fuzzy Hash: 79115479600115AFDB14DFA8D4559A9BBB2FFCC310F14401AD509A7384CB756C46CBA4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 635e5b32443277f2ae34d666c9b1cb2e31cc911c3561e126d1d5afb8452cd8ac
                                                                                              • Instruction ID: 1eff64fd169a50604fd9e70457839042071e0d6e034e990935c90f1753346d71
                                                                                              • Opcode Fuzzy Hash: 635e5b32443277f2ae34d666c9b1cb2e31cc911c3561e126d1d5afb8452cd8ac
                                                                                              • Instruction Fuzzy Hash: 7901C07150A350AFD702DB60E8117D93FB0EBA6104B0645E7E485EF292E9206E06C791
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1747531691.00000000048ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 048ED000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_48ed000_rundll32.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0d630094ec7c88c6bee110941ed8d2f7c54ca284dc1860a5f76571e2cab2c2f5
                                                                                              • Instruction ID: 1003f94f36ec2d407e7981c59b71bbd86709ce58dab0ce6287100ddfdc432de7
                                                                                              • Opcode Fuzzy Hash: 0d630094ec7c88c6bee110941ed8d2f7c54ca284dc1860a5f76571e2cab2c2f5
                                                                                              • Instruction Fuzzy Hash: 6F011D70E00209EFDB48FFA9D4415ADBBF5EF89205B1186A8D919EB240EE716E05CB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0e475c2f1a4dfc2177de165db70e9c2e15599e3525ad62800ec24fe46bf026b0
                                                                                              • Instruction ID: 644b4763df6aa79246b1eecbb6f97d4051a1693535a5e13f04f204cdafc90977
                                                                                              • Opcode Fuzzy Hash: 0e475c2f1a4dfc2177de165db70e9c2e15599e3525ad62800ec24fe46bf026b0
                                                                                              • Instruction Fuzzy Hash: 33F054766042156FC711CE5DD844D8ABBFAEF8931070580AAE658C7252E731E915CBA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 01627b99d2fa6b0f4a3608b50378b6069c142e6df8009e29448d700f1cf23548
                                                                                              • Instruction ID: d43b83c8ab117ca0be802be3f3b05bce363770da4250a433fbdec159d62f89e6
                                                                                              • Opcode Fuzzy Hash: 01627b99d2fa6b0f4a3608b50378b6069c142e6df8009e29448d700f1cf23548
                                                                                              • Instruction Fuzzy Hash: 28F027713006152BC225B67EA84092F7A87DFD52217018A7CE70D8B200EF70ED418396
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 13686adbefa7382703c1732c2703e416b7983e301cd5e3cb0dda86f6f04062d4
                                                                                              • Instruction ID: 83a68753afd981a9da46972fa785f4a4acc03d8cfa9f65c7fe7a7c3c0025053e
                                                                                              • Opcode Fuzzy Hash: 13686adbefa7382703c1732c2703e416b7983e301cd5e3cb0dda86f6f04062d4
                                                                                              • Instruction Fuzzy Hash: 18F0B4367092545FD7155A759804159BF26AF9521872880DDC9080F646CE329803C7E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ac62f3e26a90870c4a73c031e7b12695630f54c37a78c757ca670ef5d258aeb3
                                                                                              • Instruction ID: 7250689d3c453d886e90c329620d4e6037e97e183e45bda939422c6df1073a9b
                                                                                              • Opcode Fuzzy Hash: ac62f3e26a90870c4a73c031e7b12695630f54c37a78c757ca670ef5d258aeb3
                                                                                              • Instruction Fuzzy Hash: 8EF05C723003102BC732A9249C41BEF7BE5CBC0751F00496EE94947148EE60F901C3B1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e32419d34e7247127a625a697e7634a385b81effe2c4a9559e42850c0ac3e1b3
                                                                                              • Instruction ID: 4666d5c37e0021ca05830fe3b5f4566b20d27d85bf4fe270719c2d6e680a766e
                                                                                              • Opcode Fuzzy Hash: e32419d34e7247127a625a697e7634a385b81effe2c4a9559e42850c0ac3e1b3
                                                                                              • Instruction Fuzzy Hash: 29F065757102128FD714EA79E944466BBEAEFC82A470895B9E908C7325EE71EC42C790
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2ee5efd4cb82ccfb386e3c12d69b795d22404fd3e8ed6ee94e8209ece9d18cb5
                                                                                              • Instruction ID: 9e47c583d400a93ddda060c4304ed1801093c27d200483c2b6a2e37259fdab5f
                                                                                              • Opcode Fuzzy Hash: 2ee5efd4cb82ccfb386e3c12d69b795d22404fd3e8ed6ee94e8209ece9d18cb5
                                                                                              • Instruction Fuzzy Hash: EDF0F671104BB09BC3319B68E404687BBE5EF8171AB008C1DD2C603A51E7F1B845C796
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7c2dc574a4860caff890f69e6ccdd783b6ca512e444674df9508d0575ea7bc5a
                                                                                              • Instruction ID: 7b2fe227d5053732cb92f59159c88c6c4265271dab13bcf96783b8ff93ccb985
                                                                                              • Opcode Fuzzy Hash: 7c2dc574a4860caff890f69e6ccdd783b6ca512e444674df9508d0575ea7bc5a
                                                                                              • Instruction Fuzzy Hash: 44F0E270700301AFD720EA2ED840A5A77D6DFCA261B0549AEE149CB254EA61EC81C790
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2a7ee04ed57db6cbe9cbb55b778962fba3e50ebb22e20de3cd341242fafdba23
                                                                                              • Instruction ID: 3b8ecd29ee2d68995dad7e4d1db5d47485d5015b17e6ddee62324bae5140fd28
                                                                                              • Opcode Fuzzy Hash: 2a7ee04ed57db6cbe9cbb55b778962fba3e50ebb22e20de3cd341242fafdba23
                                                                                              • Instruction Fuzzy Hash: 00F082713042028FD714EB6DE454A6E7BD2DFC924570849ADE649CB664EB20EC428751
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 88b2f5313ba8dbffc89fcd06b420d00771e18c296810263e2971714fffb9eeae
                                                                                              • Instruction ID: c11eedf33857f59ecfada36162483c8353ce8470402bde6dd2fdd30f4aae2cb2
                                                                                              • Opcode Fuzzy Hash: 88b2f5313ba8dbffc89fcd06b420d00771e18c296810263e2971714fffb9eeae
                                                                                              • Instruction Fuzzy Hash: 89F09678A062061FCB1CAF7D50252157FDAFFD460470908AE825A8F251FA24DC01C7D2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e1728164555a826cebbfa6464e24652e09f66cd28931c6cbe00bb5bf4b573a1b
                                                                                              • Instruction ID: fe0a106480a8d1260e58d680484e9b62399b15d85c81a9ec19ed281f6067a26c
                                                                                              • Opcode Fuzzy Hash: e1728164555a826cebbfa6464e24652e09f66cd28931c6cbe00bb5bf4b573a1b
                                                                                              • Instruction Fuzzy Hash: 49E022323006152B8215B66EA84082EBAC7EFC52613014A7CEA0ECB300EF60FE4583D6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f93922b017802088b7b322b9c05a0cd7d37f6fa88e0383a697322ab4fa0bea49
                                                                                              • Instruction ID: d48c496fde5031aa841ffee1b62fa004b9e60859bf0bb55a22731daafe1a66e0
                                                                                              • Opcode Fuzzy Hash: f93922b017802088b7b322b9c05a0cd7d37f6fa88e0383a697322ab4fa0bea49
                                                                                              • Instruction Fuzzy Hash: B5E09B313043149BC7145A7AA88595A7BEAEBC922175581BEF60AC7351DE21EC01C791
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3cf868076fc3b4b85a301122088dd7634f11f4999d8ee9301734f0cf06ae8de4
                                                                                              • Instruction ID: 29934b6e9069b6ce6f705bc362353fb5381b09977b566ef836bc1eee6dcb103a
                                                                                              • Opcode Fuzzy Hash: 3cf868076fc3b4b85a301122088dd7634f11f4999d8ee9301734f0cf06ae8de4
                                                                                              • Instruction Fuzzy Hash: 4BE02260B0821807FF24356558203AE0FC98B92F08F1110FECD86CAB86E9D2E842C3D2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8455b5f3fdd4356c8513488bc7d44be0b61f088c95ae5b87b40803fb2258bbb6
                                                                                              • Instruction ID: 3d11f144a26fa3bd319432077520b46a917172d67a9a321918fb1540560be4c1
                                                                                              • Opcode Fuzzy Hash: 8455b5f3fdd4356c8513488bc7d44be0b61f088c95ae5b87b40803fb2258bbb6
                                                                                              • Instruction Fuzzy Hash: 6CE0E5B1F05115AF8B44EFAD55002EEBBF4DB48550B21846DD91DD7305F2319A02CBD0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6b23e4e4263f340944ae822a1debc18538f3ac27ea348f426b2e49aff7f045e1
                                                                                              • Instruction ID: 1bd3ae7e9c62989ed7a71df8f167887b0367da71b2b3edb394ff13e95291e681
                                                                                              • Opcode Fuzzy Hash: 6b23e4e4263f340944ae822a1debc18538f3ac27ea348f426b2e49aff7f045e1
                                                                                              • Instruction Fuzzy Hash: 69E020732046205FE321A75CF440AD677C6EFC0336B04C959F24E47914DB74AC874794
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c165b5d04426f463c8861f71eaaba74a80085efc0bf828de03095798953ed7a8
                                                                                              • Instruction ID: 9f552da8d4a3c3443b77bcde639b8b2053d43d4ac322a2d5be3f14b48b4ea7b2
                                                                                              • Opcode Fuzzy Hash: c165b5d04426f463c8861f71eaaba74a80085efc0bf828de03095798953ed7a8
                                                                                              • Instruction Fuzzy Hash: E1E092B1308204AFD314DF9DD880D82BBE9EF98311B1580AAE548CF352D721FD16CBA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0f7feb0c6c5b4af029b47099e9ee0e63a7e9ce93cd5e9db1e675ad10be916413
                                                                                              • Instruction ID: 224d1e4d346f81730d8e9ef566dad643c0f8f00df6e79a955b76dbab5edec05f
                                                                                              • Opcode Fuzzy Hash: 0f7feb0c6c5b4af029b47099e9ee0e63a7e9ce93cd5e9db1e675ad10be916413
                                                                                              • Instruction Fuzzy Hash: 62E0923520530827C314B618A41466E3ADAEBC5755F050519FA4683740DE7568428B96
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a650ff97a69b82f53c5656c4f91e56c7f4ad2d0dcaf6b34882cb456de7a62750
                                                                                              • Instruction ID: f860c332038c91afb85abb0e65f16352cf2cc459d347fd55723e5860ebb4fba9
                                                                                              • Opcode Fuzzy Hash: a650ff97a69b82f53c5656c4f91e56c7f4ad2d0dcaf6b34882cb456de7a62750
                                                                                              • Instruction Fuzzy Hash: A3E026B6A00202A3C31556719404592FFAADF84290F0892B5AA004B205EE30D883C3A0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0cfa8bbc40a4569aa7e3c07af7d9aef3d38a138ce3fc30ebf22d8fba1c64544d
                                                                                              • Instruction ID: f24e548c08bf338472abe2ffc675cc45103b7cfb4fee0113eec4358669f1b9bd
                                                                                              • Opcode Fuzzy Hash: 0cfa8bbc40a4569aa7e3c07af7d9aef3d38a138ce3fc30ebf22d8fba1c64544d
                                                                                              • Instruction Fuzzy Hash: FBE0E570F0411A9F8B40EFA999005AEBBF49B44540B1095ADC919D7200F2329601CBD1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f4374883ac5b4155d10b43448a71da34dd96a99283a6ab79710cd94b0153b9c1
                                                                                              • Instruction ID: 34bd69939e03e0bee91edea8c647a0c81e204d77bf154a3110fd6129700097f2
                                                                                              • Opcode Fuzzy Hash: f4374883ac5b4155d10b43448a71da34dd96a99283a6ab79710cd94b0153b9c1
                                                                                              • Instruction Fuzzy Hash: FCE072363002601B8310A29D302077E37C7CBC9E6230A016FEB09C3B80CE22AC020382
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c68a698cac11d78d59b4af9c6e9474be22c457972ca3083b26af12704eaeee72
                                                                                              • Instruction ID: 128bd75003b1a2461ce6abdf5f230c23272ce549efc9a935a37f5a16c8a20441
                                                                                              • Opcode Fuzzy Hash: c68a698cac11d78d59b4af9c6e9474be22c457972ca3083b26af12704eaeee72
                                                                                              • Instruction Fuzzy Hash: F6E09270909288AFC700DB74BD5149D7FB5DF4620471181DDD808D7252D9302E008762
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 97a4f53d2426d13ae87352c0d28e9cbb8d480392c6fbaf60ac92fd8396d1c1e7
                                                                                              • Instruction ID: 98b15c635047518405d6ffa285ec799ef220e7df02de446af4f9e521a6215f7c
                                                                                              • Opcode Fuzzy Hash: 97a4f53d2426d13ae87352c0d28e9cbb8d480392c6fbaf60ac92fd8396d1c1e7
                                                                                              • Instruction Fuzzy Hash: 21D05E9550A3A05FDB06A738557418A7FA68F92216F14C8CAC2864E093D924A84BC38F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b771ad9f584ed29deef5d45f7441beee5cdb6eef2b168fe9912f45123917ff72
                                                                                              • Instruction ID: 66833d509fbd5131c3dd1631e871ac206bd477e0abda3656148c1f816a20301d
                                                                                              • Opcode Fuzzy Hash: b771ad9f584ed29deef5d45f7441beee5cdb6eef2b168fe9912f45123917ff72
                                                                                              • Instruction Fuzzy Hash: 52E0C23221C2446F83062B15E8116993FA8966A16030900B7F485873A1C9216C05C7A4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 003075e1174a75e8a36ae90d0edb11802e0f697b180daaa537886bff14f24d64
                                                                                              • Instruction ID: 79d7d1c070b7955165a8ae7b66d40d4c8ad4cabfb4b3e8981829cdce50044094
                                                                                              • Opcode Fuzzy Hash: 003075e1174a75e8a36ae90d0edb11802e0f697b180daaa537886bff14f24d64
                                                                                              • Instruction Fuzzy Hash: 35E0C23120031857C314B75DE00457E7BDAFBC5765B04092DEA4A83B00CEB17C828B96
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 020ec5e73db53238b1175de96baf7b70f5d9d66099c7bbd0accc860fa286be94
                                                                                              • Instruction ID: 92fa2471a9012c885652e3303338ce15a4934deacb74d17c2228fe0b76c53984
                                                                                              • Opcode Fuzzy Hash: 020ec5e73db53238b1175de96baf7b70f5d9d66099c7bbd0accc860fa286be94
                                                                                              • Instruction Fuzzy Hash: 9EE0EC72215121ABC324863DE804A83FFAAEFDE35175586AAE2448B209DB70DC82C7D4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cb5d3ce71888e4a66702b367d2c5c548f46b935d1df1832cb5efb5d0c874defa
                                                                                              • Instruction ID: 942277368f95e39e48c0402e2121ac88cb3279bcc113ea6da27dcfc7c8a61b4d
                                                                                              • Opcode Fuzzy Hash: cb5d3ce71888e4a66702b367d2c5c548f46b935d1df1832cb5efb5d0c874defa
                                                                                              • Instruction Fuzzy Hash: F7E0EC753042049FD314DF5DD880C91BBE9EF592543558099E948CF712D762FD12CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 84f62730be9ea088088f695efe84435c1aa2716deb8f859bd7ebdcd42f249af4
                                                                                              • Instruction ID: 7c25eab21168c55ebd5382a01bae3975d13469f0bb431b3b465158fe21ac560b
                                                                                              • Opcode Fuzzy Hash: 84f62730be9ea088088f695efe84435c1aa2716deb8f859bd7ebdcd42f249af4
                                                                                              • Instruction Fuzzy Hash: 90D0A736300224130654719E741463E77DFCBC5D61306012EEF0AC3340CE927C0143D6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 27b7739dee8d373f2f65cf8182288f18c63c30cbc273d9a240e95ca9e081f78a
                                                                                              • Instruction ID: 0eb47c91a9a172d3229954c7d1c3d84d0b7916d5ee89b8427c9eae838bda3467
                                                                                              • Opcode Fuzzy Hash: 27b7739dee8d373f2f65cf8182288f18c63c30cbc273d9a240e95ca9e081f78a
                                                                                              • Instruction Fuzzy Hash: 24E0B674E0430CAFCB44EFE9D44459DBBF5EB48301F0085AAE809E7350EA345A558F82
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a862441654459fd98a2ba31c280b0c5095df15073ee6ac221a889c68c1827e7d
                                                                                              • Instruction ID: a173dee3f2de1cdcdbfe4b67789210cd7756746c2e59e41a7f134eb164856756
                                                                                              • Opcode Fuzzy Hash: a862441654459fd98a2ba31c280b0c5095df15073ee6ac221a889c68c1827e7d
                                                                                              • Instruction Fuzzy Hash: 02D0129B91B72827961530AC590268AB7584FE6A64B0248E6D558EB201500AEC4686F7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: abf3b9e2c7b8eda2c5205bf102770ac4efaeb62deed6a75abd868414641b3fdc
                                                                                              • Instruction ID: 9a0c9b2fa54988641c2e196b713db73d2cc2a5a3ea41ea7aa9c1b45116a37190
                                                                                              • Opcode Fuzzy Hash: abf3b9e2c7b8eda2c5205bf102770ac4efaeb62deed6a75abd868414641b3fdc
                                                                                              • Instruction Fuzzy Hash: 25D0A73232111C6B52147659D88696A7F99E7A93A13104477F90583350DD707C05D799
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e7c10baccb7d9139036b165b639adaef21ba5e6e8b339a3f52cb965ad32870d6
                                                                                              • Instruction ID: a4141567135502eea8f600780839d7d453107cb61d98362a7fb35a9ebe6eb3fa
                                                                                              • Opcode Fuzzy Hash: e7c10baccb7d9139036b165b639adaef21ba5e6e8b339a3f52cb965ad32870d6
                                                                                              • Instruction Fuzzy Hash: F7D05E56B4A7542BC72426A454142997B998B96910F0280EBDE089B242E568CC018392
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1f9c8aa769cdcb577d3054f5e5e3b825a137db13a44de46880c3adace98a9513
                                                                                              • Instruction ID: 577299d9070d8ff0ae1c15378e134db69976679d4633e2c8bd2e087e90b1dc47
                                                                                              • Opcode Fuzzy Hash: 1f9c8aa769cdcb577d3054f5e5e3b825a137db13a44de46880c3adace98a9513
                                                                                              • Instruction Fuzzy Hash: 20D0237031430497CB0C5530A41577AFFCA8798901F0044FCE70683741FE29FC108E55
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 115ead8651af22f5ee524b76adb4124966cbd747b764cf04b09295b62445dda9
                                                                                              • Instruction ID: 227531a96a752d6330a3c3868db11a0859cdef9c4c0cce9cc895ce5ad0564083
                                                                                              • Opcode Fuzzy Hash: 115ead8651af22f5ee524b76adb4124966cbd747b764cf04b09295b62445dda9
                                                                                              • Instruction Fuzzy Hash: E6D05E70A0020DEFCB40EFB8F90156DBBF9EB49205B1146A9E909E3240EE312F009B91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0b7180d71bb2d648bf9cbf639659df98ebe2089f9f1b30daeba49e15aee52ba0
                                                                                              • Instruction ID: 6cb7d2c3f70b12892120d2f2573a2412e8638f7ff48b01731979dfabdb6e3f6f
                                                                                              • Opcode Fuzzy Hash: 0b7180d71bb2d648bf9cbf639659df98ebe2089f9f1b30daeba49e15aee52ba0
                                                                                              • Instruction Fuzzy Hash: BEE01230A0420FDBDF15EFE0C554AAE7771BB04309F204458D405E6244DB74D946CF41
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_3_4b80000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b1a9558039f48fc6a3d3fb8eeea3ab56f4eaf2e20183b2cafb3d4815022f89e3
                                                                                              • Instruction ID: e8766e661e7905ef71ec73c29699ef0412d100a2af70d0668e4a216d63bda057
                                                                                              • Opcode Fuzzy Hash: b1a9558039f48fc6a3d3fb8eeea3ab56f4eaf2e20183b2cafb3d4815022f89e3
                                                                                              • Instruction Fuzzy Hash: 25D05E70901209DFCB04DFB5E94195DBFF9EB88205B2186A6E418D3210EE306E00CB80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000003.1746522555.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3e2cd68441a89ffb205e0ec66461ac13b1edecdc6f020267f28d52f794f4c49d
                                                                                              • Instruction ID: 27f3bb2cff27926ca35972731791b5273d3fbfab80cec75c8bfa88a448a6fedf
                                                                                              • Opcode Fuzzy Hash: 3e2cd68441a89ffb205e0ec66461ac13b1edecdc6f020267f28d52f794f4c49d
                                                                                              • Instruction Fuzzy Hash: BE115479A00215AFCF04DF64D455AE9BBB2EFCC320F149019D90A97340EF75AC46CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0a7890be13ddda16a1a06bbbc89545e7901c2b3e6c60df5828765dfd8ae04705
                                                                                              • Instruction ID: f6817e15964ac2d2da8f7909ceb540e5745591d8e426afa38687d9d9133cf372
                                                                                              • Opcode Fuzzy Hash: 0a7890be13ddda16a1a06bbbc89545e7901c2b3e6c60df5828765dfd8ae04705
                                                                                              • Instruction Fuzzy Hash: 5421F3B09002498EDB10DFAAC485AEEFBB0FF98324F10852ED859A7240C7756945CFA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 718ff538750fff872dce7fea37eea4c6026b64caefd7402fcc97b56745c8c6f9
                                                                                              • Instruction ID: 09928776e475826a5df741ce521833284714c188c6081b9771044f6dcbb167ed
                                                                                              • Opcode Fuzzy Hash: 718ff538750fff872dce7fea37eea4c6026b64caefd7402fcc97b56745c8c6f9
                                                                                              • Instruction Fuzzy Hash: F511E3B09042098BDB10DFAAC485ADEFBF4FB88324F108519D559A7240C774A945CFA5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 90540b79f9643171667cc43f3fd595186bc4493239daa63e3b3dc66b9732d177
                                                                                              • Instruction ID: 1ef8e192ae74a813f62bab7c10225886a4726c76fe0eea497149d4e9e2316895
                                                                                              • Opcode Fuzzy Hash: 90540b79f9643171667cc43f3fd595186bc4493239daa63e3b3dc66b9732d177
                                                                                              • Instruction Fuzzy Hash: F401CC74B002048F9B54BB7850641AE7BE29BC821971006BDC80AD7340FF38D9038BE6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a27621bdf3bd6dba4d12a433555aecd921003c5d446c972bb1793b77b8046e9f
                                                                                              • Instruction ID: de3c48dda3e281b20335ae24ed57fbea9c61970711b12088b0fa63e25fe625f3
                                                                                              • Opcode Fuzzy Hash: a27621bdf3bd6dba4d12a433555aecd921003c5d446c972bb1793b77b8046e9f
                                                                                              • Instruction Fuzzy Hash: 57111F39600215AFCB14DFA4D458AA97BB6EFCC721F149019E60BA7380EF79AC45CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 65ce58e5a20721725bde9ad638aafd7bfd139391b72f706e9e5ade5ce52dbcf3
                                                                                              • Instruction ID: 8d46b3d0252961b93662ae6e21c1ce9c7121dd52e37b8daf41c76b10c02bf545
                                                                                              • Opcode Fuzzy Hash: 65ce58e5a20721725bde9ad638aafd7bfd139391b72f706e9e5ade5ce52dbcf3
                                                                                              • Instruction Fuzzy Hash: 8E01D874A193452FCF09AF3858351667FE9DED290430509AEC64ECF252F924DC09C3D2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c4582929ae16a1d18127e5d248a94d853a7a128e0146b4633b80b917aa47a37f
                                                                                              • Instruction ID: 9eeb00a70df731a7483a3a986824edcb9acd0ca9235f76fea407f582c7f319d6
                                                                                              • Opcode Fuzzy Hash: c4582929ae16a1d18127e5d248a94d853a7a128e0146b4633b80b917aa47a37f
                                                                                              • Instruction Fuzzy Hash: 0A0126B1A0010997EB08BA6885563EFBBB6ABC9304F10462ED105B3380EF756C06C7D1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1752916886.00000000043FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 043FD000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_43fd000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 75ce1808f7bb8ca217e3458c30b01fa1fc9460715bbe869fc28d092600f3d342
                                                                                              • Instruction ID: d86e520378a5b0588436b69640946e8da25a76814f0c64947cb20656dd9e4fbf
                                                                                              • Opcode Fuzzy Hash: 75ce1808f7bb8ca217e3458c30b01fa1fc9460715bbe869fc28d092600f3d342
                                                                                              • Instruction Fuzzy Hash: 5A01F7711083419AE7104E25ED88B66BFD8DF51325F08D51AEE4A0B282C279A841C6B1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1752916886.00000000043FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 043FD000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_43fd000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ecb9dd10a00fef86e8069396c930ec513c680cfa2a476d6da4efdf9c2c49ffa5
                                                                                              • Instruction ID: cb40fcff3ef7b080b98cd95a8c49f3f6f533ef7e89ad35d6795a7870ca1df065
                                                                                              • Opcode Fuzzy Hash: ecb9dd10a00fef86e8069396c930ec513c680cfa2a476d6da4efdf9c2c49ffa5
                                                                                              • Instruction Fuzzy Hash: FE014C6100E3C09EE7128B259D98B52BFA4DF53224F19C1CBDD898F1A3C2699849C772
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 11ec5945c172e78476c482c1767505e46b27df8bf2020423f49f3dd79f6fdd64
                                                                                              • Instruction ID: edf031b16d275de1d016905f06e2c94a63f0b3a75e54262abaa0973c4d74f59f
                                                                                              • Opcode Fuzzy Hash: 11ec5945c172e78476c482c1767505e46b27df8bf2020423f49f3dd79f6fdd64
                                                                                              • Instruction Fuzzy Hash: 25018F35B402108FCB04AB38E5556AE7BF2EB88715B20417AE80ADB361EB359D43CB80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7a78436c5cc45a8807d8974a2f0bcc1d8bbb4d7caa03cb508d535f18426081c6
                                                                                              • Instruction ID: 76e19dd33ee1edbffb44e40d9a6aca9eb45fbc9941de4ac94996a0242d2159b1
                                                                                              • Opcode Fuzzy Hash: 7a78436c5cc45a8807d8974a2f0bcc1d8bbb4d7caa03cb508d535f18426081c6
                                                                                              • Instruction Fuzzy Hash: 2EF022342403109FEB18ABB4A9466893B62EF81715700856EE9068B282FE24A8C79391
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 00f336216a88a41ffc30bf0f036179bc79c6697cb1b6c50886beda517ba4b015
                                                                                              • Instruction ID: 6b102619dcbe1f972295075d292f62beedb6b7affa61f1d165f329dc8514e3a1
                                                                                              • Opcode Fuzzy Hash: 00f336216a88a41ffc30bf0f036179bc79c6697cb1b6c50886beda517ba4b015
                                                                                              • Instruction Fuzzy Hash: 97018C39B002148FCB04EF79D4166AE7BF1EB89715B20416AE50ADB351EF31AD02CB85
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7d3b334e051d6ee49b0ee80fe09173713ab6d2102d3b32ce7f59118c23c53e75
                                                                                              • Instruction ID: 1152ada518c24120b16937967c367456f479b82b3a4d5d51b1f29359aa6661a1
                                                                                              • Opcode Fuzzy Hash: 7d3b334e051d6ee49b0ee80fe09173713ab6d2102d3b32ce7f59118c23c53e75
                                                                                              • Instruction Fuzzy Hash: FCF06D78A053461FDF09AF7854692567FA9EEE2A1430519BEC24B8F252F924DC0687C2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0d09dd685e07371a8da31b020fdf9ba1f542a5aeb87281beda619cdeb69bef31
                                                                                              • Instruction ID: ab5c9e53f7f341e306c14c671fb79ebfa78134415b29867e8865a4990a20ed4d
                                                                                              • Opcode Fuzzy Hash: 0d09dd685e07371a8da31b020fdf9ba1f542a5aeb87281beda619cdeb69bef31
                                                                                              • Instruction Fuzzy Hash: EAF0B430340311ABEB18BFB4ED15A5A3B56EFC0605700892DF5069B285FF71E8C197D5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bf919a8dcc4511d03642a16781f31d48a613706f954f01fc754f5de83c5b7ce0
                                                                                              • Instruction ID: adee7f410401a38f10b094a44dbe64cde30479fc986205c883157640777de792
                                                                                              • Opcode Fuzzy Hash: bf919a8dcc4511d03642a16781f31d48a613706f954f01fc754f5de83c5b7ce0
                                                                                              • Instruction Fuzzy Hash: 19E0263138A2609FEF1627F136241FE3B99AEC2611307529BF806C2292FB0CCD438341
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 75d57ae6f52788d41273dd83b4ef74bf48c03b0812d914c8254fc307c7c3f78a
                                                                                              • Instruction ID: 1759208faf747b369da50aef7e4c448e0a1226f0a7f04fc15462248a6915f7fb
                                                                                              • Opcode Fuzzy Hash: 75d57ae6f52788d41273dd83b4ef74bf48c03b0812d914c8254fc307c7c3f78a
                                                                                              • Instruction Fuzzy Hash: 97D0C230351124A79F142AE665242BE368C9F81651701216DF41AC2380FF0CDD424384
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 42ec881fc9aa1fae11d759a4b3114715b5a91281b6a57a9f6624c8d2fa569d67
                                                                                              • Instruction ID: 9fbd2bcc944de6cb8d2ac11f52fbfd7ea6d0e2034fe61375d1345974a5199fd9
                                                                                              • Opcode Fuzzy Hash: 42ec881fc9aa1fae11d759a4b3114715b5a91281b6a57a9f6624c8d2fa569d67
                                                                                              • Instruction Fuzzy Hash: 5EE02EB22086206FD3029768F4608D47BB8EF4A728B1140EBE10ACB363CA958C038389
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000003.1752301365.0000000004680000.00000040.00000800.00020000.00000000.sdmp, Offset: 04680000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_3_4680000_rundll32.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816290958.00007FFD9B500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B500000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b500000_AteraAgent.jbxd
                                                                                              • Instruction ID: 03107f15970ec65a6156fa7f5fed4fe5d4a315242093c46954e9fb63d875f0ef
                                                                                              • Opcode Fuzzy Hash: 52b73c22a81578121e841ae2e8d80948671df615fff04216327eb180a62d8ccd
                                                                                              • Instruction Fuzzy Hash: F2C1CE70E0E64D9FDBA5DB6884617A8BBF0EF65304F1101BAC00DE72A2DA796D85CB01
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: af6c7b86013156ab003b4c8ed143fda21fee5086b02a36483ce1b0cdc559edf8
                                                                                              • Instruction ID: 4b68da7470e3bc8bb4bde957bf9ef106be8c7d956a7652b5b9d0f8d7d7358c86
                                                                                              • Opcode Fuzzy Hash: af6c7b86013156ab003b4c8ed143fda21fee5086b02a36483ce1b0cdc559edf8
                                                                                              • Instruction Fuzzy Hash: 29B1B630A09A4D8FEB68DF28C8957E93BD1FF55310F04426EE85DC7296CB749945CB82
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 242da9637d656d1eee80e27af4d602930a4f1a1ee6877cb6457721222797a497
                                                                                              • Instruction ID: ca18efb850a6a756ebb5779c4183ef13e0661dc0ded84f898cbb95f642ad49c5
                                                                                              • Opcode Fuzzy Hash: 242da9637d656d1eee80e27af4d602930a4f1a1ee6877cb6457721222797a497
                                                                                              • Instruction Fuzzy Hash: CBC1C770A19A5D8FDF94EF58C894BA8BBF1FF69304F0141AAD00DE7261DA74AD85CB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 39f669cfa18ff11433a16760406d175854426a0a9d9a63b24e3aa39c6410a911
                                                                                              • Instruction ID: 227014c13cd43a184665371df7c4a1c266bb967b35636f89e1a16816ad8067cb
                                                                                              • Opcode Fuzzy Hash: 39f669cfa18ff11433a16760406d175854426a0a9d9a63b24e3aa39c6410a911
                                                                                              • Instruction Fuzzy Hash: 81916D72F0EA4C0FE768DBAC88656B97BD1EF65314B0442BFD04DC71A7DD24A9069381
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 57992326031956be01ec0e8664f142b7ce7398df168a79dcc9205420f6396196
                                                                                              • Instruction ID: 22f6163722f2064cf3cd95245b576e1a5a4d213ad64abf5d1de315358dc049de
                                                                                              • Opcode Fuzzy Hash: 57992326031956be01ec0e8664f142b7ce7398df168a79dcc9205420f6396196
                                                                                              • Instruction Fuzzy Hash: 88B1C471E0DA4D8FDBA5DBA8C865AECBFF1EF69304F0501BAD009D71A2CA389945C741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e68ba2035e056651772aa9cf418a2df051459227bc3b3cb23d94ab66d425164a
                                                                                              • Instruction ID: 43b72f623ea00c689c6c70159543a3781b3c843c3c5aace938d56023bce6869d
                                                                                              • Opcode Fuzzy Hash: e68ba2035e056651772aa9cf418a2df051459227bc3b3cb23d94ab66d425164a
                                                                                              • Instruction Fuzzy Hash: 6CA14A30E0962D8FEBA5DB18C8957F8B7B1EF69304F4141B5D00DD76A5CA74AE84DB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 61be72d087115afe3ce68aede878f86f9b214a8ceb62b0306d8967f2819a73fd
                                                                                              • Instruction ID: f92f6efa027fbe711cfeabe435aedfb11f3cd40208d68e9e11180a0235a110a6
                                                                                              • Opcode Fuzzy Hash: 61be72d087115afe3ce68aede878f86f9b214a8ceb62b0306d8967f2819a73fd
                                                                                              • Instruction Fuzzy Hash: C8618C34E4950D8FDB94EF98C4A5AFDB7B1FF69304F511479D00AE72A1DA34A940CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: daff11b2528e401d0ae26ef5831293840009ff75b69947c787048c4866c8f9c5
                                                                                              • Instruction ID: 28927793ce7b39c3d863c82c1b55622c6af129a15b76ff60f982b57fe095b307
                                                                                              • Opcode Fuzzy Hash: daff11b2528e401d0ae26ef5831293840009ff75b69947c787048c4866c8f9c5
                                                                                              • Instruction Fuzzy Hash: C3518431D18A1C8FDB68DB58D855BE9BBF1FF59310F0082AAD04DE3252DE34A9858F81
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 114c58a98f90818a35c4465f90bd80f86f2e6d3c4546805ca47a4a25f422aa49
                                                                                              • Instruction ID: 920c92c35bb723ba2661a3ef62fc5422b6ee23dabcd5806d517c3b7b5fcfab19
                                                                                              • Opcode Fuzzy Hash: 114c58a98f90818a35c4465f90bd80f86f2e6d3c4546805ca47a4a25f422aa49
                                                                                              • Instruction Fuzzy Hash: 44415C61E0EADE4FD765DF6888614F97BA0FF66318B0506BAD458CB0E7CA34AD06C340
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816290958.00007FFD9B500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B500000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b500000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2a1240d315de9fa191faf020c683567c8c43545dd54bb48f0cce679184294adc
                                                                                              • Instruction ID: fba07de3d6cbd20969be8f895b4c215f6aa19d71344f21c44e40cb64d7c84057
                                                                                              • Opcode Fuzzy Hash: 2a1240d315de9fa191faf020c683567c8c43545dd54bb48f0cce679184294adc
                                                                                              • Instruction Fuzzy Hash: FA411662B0EBC94FE797977C48665603BE1EF6661030A01FBD08DC72B7E918AC46C341
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f33174f7e99099763a0ba00bd18f3081aec91b6e15beb1f59f497d75e0820774
                                                                                              • Instruction ID: f3987c905a1af91b991ed1fca907287fc6775c2f1f43d2336d668ad4fe2ebbd6
                                                                                              • Opcode Fuzzy Hash: f33174f7e99099763a0ba00bd18f3081aec91b6e15beb1f59f497d75e0820774
                                                                                              • Instruction Fuzzy Hash: D5317071A0CA1C8FDB68DF9CD8596F9BBE1FBA9721F00422FD009D3251CB7069568B81
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f49661eb7c9e9d3cd590563deda70623a0545dafe75d7fbf994ba8679ad6631e
                                                                                              • Instruction ID: 0d8e173d1c8b38c97ce3b174da7e121cf12162e8280dc7f1592f87db7707750c
                                                                                              • Opcode Fuzzy Hash: f49661eb7c9e9d3cd590563deda70623a0545dafe75d7fbf994ba8679ad6631e
                                                                                              • Instruction Fuzzy Hash: 0F31C471E0EA4D9FDBA5DBA4C8606FCBBB1FF65304F41107AD019D3192CA386A45DB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: af69ce36d7ad5ff479a27624bb5987939a243eed44a75d73763f0058f9d49cab
                                                                                              • Instruction ID: afa9b448966a48eacb97d72459990a47725129d8fc6fc7af25a834723226011e
                                                                                              • Opcode Fuzzy Hash: af69ce36d7ad5ff479a27624bb5987939a243eed44a75d73763f0058f9d49cab
                                                                                              • Instruction Fuzzy Hash: 23212432A0EA9D0FD715EFA8E8B15D67BA0FF46324B0503BBE058C72A3C9249945C791
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 867f7ef1c160020cd4736ac43e1acd74ca1f96cb15128e9673a20ebf368195f4
                                                                                              • Instruction ID: 3af9ba987f8d912b7e5db1f29101513f7ce9c7a132c7b4710ffdcc8224ddb50f
                                                                                              • Opcode Fuzzy Hash: 867f7ef1c160020cd4736ac43e1acd74ca1f96cb15128e9673a20ebf368195f4
                                                                                              • Instruction Fuzzy Hash: 9E218270E1964D9FDB91EFA8C855AED7BF1FF59314F000076D008E7196DB3459548741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: dc00e8b62beffae6601e6f63f90511b98928ce04fa72272c38c82d855bf90f2a
                                                                                              • Instruction ID: 815a36d5c3983a6b509da8fb5c4621d73ce2e27ddec94a0a3b75578a283e0eb4
                                                                                              • Opcode Fuzzy Hash: dc00e8b62beffae6601e6f63f90511b98928ce04fa72272c38c82d855bf90f2a
                                                                                              • Instruction Fuzzy Hash: 24212634E4965D8FDB58DFA4D820AFEB7B1FB55300F0501BAE009D72A2CB34A950CB60
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cd76de7506554c1ec9b3158dc26a5ee06ff5c03dea2e4c0377746eb1d42e3400
                                                                                              • Instruction ID: 3d2a833675f0aa13e5c366826e6fd08f48aada988c58020e1b1f37fcc67c3f0c
                                                                                              • Opcode Fuzzy Hash: cd76de7506554c1ec9b3158dc26a5ee06ff5c03dea2e4c0377746eb1d42e3400
                                                                                              • Instruction Fuzzy Hash: FD11D3A2F1E94D4FE764EBDC88629BDBBB4EF98244F4002B6E00CD719ADD5829058351
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000C.00000002.1816007768.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_12_2_7ffd9b410000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7777bb0a3328ad34ca87bc568088ebc7c5a19831e4b5287908f556141a2f7436
                                                                                              • Instruction ID: 759bc12a29e578caffa47ee03bb94960660e22fc523c861b608659b214a8bf56
                                                                                              • Opcode Fuzzy Hash: 7777bb0a3328ad34ca87bc568088ebc7c5a19831e4b5287908f556141a2f7436
                                                                                              • Instruction Fuzzy Hash: EA221330B1D78D4FE729CB6C84A163977E1EFA6304F15557DE0EAC31A6DE28E9028742
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ca292e19eb9c61c1b19eda80a78c255b94ce9d9c47253e0dc2dcb93631b7c93e
                                                                                              • Instruction ID: fa0618ecd870d728281dc788a699352c5dde20173c5a700a302ec7e70307a16b
                                                                                              • Opcode Fuzzy Hash: ca292e19eb9c61c1b19eda80a78c255b94ce9d9c47253e0dc2dcb93631b7c93e
                                                                                              • Instruction Fuzzy Hash: 1C22CC71B1DA4E4FDB69EB6884A59B9B7E1FF94300B0441BDC05AC71EADE28F942C740
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 670deac959851381c81d58f96aee82c1af61bcd3f9a9cb33d9a0a946a05d602f
                                                                                              • Instruction ID: 342855d1b3eca25a49d2117799ef97e4dd4f6ff9a4c7f0526f97846d9575057c
                                                                                              • Opcode Fuzzy Hash: 670deac959851381c81d58f96aee82c1af61bcd3f9a9cb33d9a0a946a05d602f
                                                                                              • Instruction Fuzzy Hash: 5CF158A1B1DA8F4FEBAC9B6C94655B977D2EF94340B4401BEE06DC71E6DE24BD028340
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0d94e82f90db890a106e2bd3aeb0cb0f1a8eb85bd31562b25f95fe5873303edc
                                                                                              • Instruction ID: 12797319056e731aae1eaa11bd71da8f7e26d8098277d41271deee5fbf8db201
                                                                                              • Opcode Fuzzy Hash: 0d94e82f90db890a106e2bd3aeb0cb0f1a8eb85bd31562b25f95fe5873303edc
                                                                                              • Instruction Fuzzy Hash: AEF15E62B0EB8A0FD729EBBC94A55E5BBE1FF4134470942FAD0598B1E7ED14BD418380
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c0bd48d90bcfa902f1f8cac67f33cae8a76d28d733d853803c5e604c74e208d3
                                                                                              • Instruction ID: 9a5a2641a03789431d5e8076f7caa3c77d7a6f66916d1f03a8d0195b8e035f68
                                                                                              • Opcode Fuzzy Hash: c0bd48d90bcfa902f1f8cac67f33cae8a76d28d733d853803c5e604c74e208d3
                                                                                              • Instruction Fuzzy Hash: 1DF11622A1E69A4FE765BB7CA4B59E53BA0FF01724F0942B6D0DD8F0E3DD64B4818340
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 13aa641593bddf6cf42dd190ccff33d8f9c529d02d15f3f66828d14eca7265d3
                                                                                              • Instruction ID: 35be14ecf38d32f78044dd47f11ffdd010b74bdf86729d011001779d63616f2c
                                                                                              • Opcode Fuzzy Hash: 13aa641593bddf6cf42dd190ccff33d8f9c529d02d15f3f66828d14eca7265d3
                                                                                              • Instruction Fuzzy Hash: F3E1B671B1DB4D4FE764EF1884656AAB7D1FFA8314F00457EE08DC32A2DE34A9428742
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 523aa0f079fd25ede47163d8de3605315a99988cd6a2268fdacf462220c601a1
                                                                                              • Instruction ID: a03c061de54d883af4c25d4874d86d62123f21b705cb4ca0133fcf70fdd127df
                                                                                              • Opcode Fuzzy Hash: 523aa0f079fd25ede47163d8de3605315a99988cd6a2268fdacf462220c601a1
                                                                                              • Instruction Fuzzy Hash: EDE10422A1E6994FE765BB7CA4B59E53BA0FF05724F0942BAD0DD8F0A3DD64B4818340
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7995aeec4770e33c4ab2343d23cf739ecee3f35be7ede94d56d4e48769a7caf2
                                                                                              • Instruction ID: 92b767da0d8dfe2366f22bc149fa4c42a3a5765c00ef53029a45ee73571f1a43
                                                                                              • Opcode Fuzzy Hash: 7995aeec4770e33c4ab2343d23cf739ecee3f35be7ede94d56d4e48769a7caf2
                                                                                              • Instruction Fuzzy Hash: 6EE14B30A09A4D8FDFD4EF58C4A4AA937E2FFA8744F151169E41DDB2A5CE31E841CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f71e59def0d6e85695d8abc919f880c0591f72ae098657f4f35bfee9c04a1fab
                                                                                              • Instruction ID: ad6f95d1b5215470db186cd20494c98f1d1ed97bd18803f1d0e313f6f8d1dc54
                                                                                              • Opcode Fuzzy Hash: f71e59def0d6e85695d8abc919f880c0591f72ae098657f4f35bfee9c04a1fab
                                                                                              • Instruction Fuzzy Hash: 9CD13322A1EB894FE765EB7C94649E57BE0EF05714F0901BAD09DCF1A3DD24B8818341
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d31e457e2e507a460e3a12da7cd3f968107efdb964d139729951443ce0e1623a
                                                                                              • Instruction ID: d2a73751fea4b96d82e7a69e6aeb322f86290c4aea3453e161986a6d252ba651
                                                                                              • Opcode Fuzzy Hash: d31e457e2e507a460e3a12da7cd3f968107efdb964d139729951443ce0e1623a
                                                                                              • Instruction Fuzzy Hash: B5D1663170DB4D4FDB68DB58D855AA1B7E1EFA5310F04027ED48DC32A2DE26E84AC782
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 20e54aa1b66701a21393938b9c169ad3e75d090172b54f52dc762857dcd5e5e4
                                                                                              • Instruction ID: 46f5b777798b90df84a9427319cf1ceef6469046766680a342ab5155091371a0
                                                                                              • Opcode Fuzzy Hash: 20e54aa1b66701a21393938b9c169ad3e75d090172b54f52dc762857dcd5e5e4
                                                                                              • Instruction Fuzzy Hash: 65C10762B1DE4E4FEB6C9BAC94A5579B7D2EF94300B4501BDD02ECB1E6ED25FD018280
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c0cbb5aed648a17e60195c0b904306b95a414048928864a2fd4842dd9d22e728
                                                                                              • Instruction ID: 4fcf88fd6b418b5d072d8008b5e6d321b386e2bf719ff682cbb1f8055dd6e2c6
                                                                                              • Opcode Fuzzy Hash: c0cbb5aed648a17e60195c0b904306b95a414048928864a2fd4842dd9d22e728
                                                                                              • Instruction Fuzzy Hash: 29C10521B0EA4E0FEBA9DB6C846877477D1EF55304F0641BAD48DCB2E3DE18AD059345
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2972902578.00007FFD9B580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B580000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b580000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0db549e59ba74acff164129cce7f0b130c430dded2a56ccb3c74fb4c974223cc
                                                                                              • Instruction ID: 8b916fa3386ac16933a390b9151d43b09518342cc13e57d487cc681174451cc7
                                                                                              • Opcode Fuzzy Hash: 0db549e59ba74acff164129cce7f0b130c430dded2a56ccb3c74fb4c974223cc
                                                                                              • Instruction Fuzzy Hash: 2EC17362A1FBC94FDB939BB448795957FB0EF12200F4A41EBC098CB1E3D9296545C711
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 17a33b4c41554a86cba7aad527b52f2f9740fbcab5f36ce9ad21e97dfa1909f8
                                                                                              • Instruction ID: 2dd20a5f7ee144491daa867bbb5681c262ce65820dc3d69998050c46c8dd9205
                                                                                              • Opcode Fuzzy Hash: 17a33b4c41554a86cba7aad527b52f2f9740fbcab5f36ce9ad21e97dfa1909f8
                                                                                              • Instruction Fuzzy Hash: E1B11B53B0FADE0BE77563FCA8311BC7F61EF416A470902FBD0D8460E79C096A466292
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3611ed581f9618810afb9df66482edd326bb71feec823e158828389bad2b5e5a
                                                                                              • Instruction ID: 1db2940529d355839221788af42695a722316c96e5ce3ee2e0dc6241a6d9d253
                                                                                              • Opcode Fuzzy Hash: 3611ed581f9618810afb9df66482edd326bb71feec823e158828389bad2b5e5a
                                                                                              • Instruction Fuzzy Hash: D4B1D722A1E6965FE715BB7CA4F58E53FA0EF0222871903B7D0ED8B0E7DD0875868345
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b1036afee28e8e954d44905b3f9126449aeb1fdbba8d691c0d788656e20853c5
                                                                                              • Instruction ID: a9e4eae8a78b33e7eaa73dbceca842dc5369ae36e289ff801fbad18d3363a6c2
                                                                                              • Opcode Fuzzy Hash: b1036afee28e8e954d44905b3f9126449aeb1fdbba8d691c0d788656e20853c5
                                                                                              • Instruction Fuzzy Hash: 34B14962E0FAC91FE7669BAC58651B83FE1FFA6354B0801FBD088871F7E9156A05C740
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              • Opcode ID: 2b039192a8e553ecf6d365323075316c5176a8d50d7fe664ccc3e02df3ed3606
                                                                                              • Instruction ID: 688dc9de7230fb6605a1e07408568ae4f6b44cae4c92e8f4e8885c292faa1fb6
                                                                                              • Opcode Fuzzy Hash: 2b039192a8e553ecf6d365323075316c5176a8d50d7fe664ccc3e02df3ed3606
                                                                                              • Instruction Fuzzy Hash: 86713920A1E28D1FE325A7B8487A9BABBE1DF86314F0804FDD099C71F7DC1D69428342
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9a7f2afc66ceae15c0aaab41f9bba63b59f9f9a998ae438c6c4cf6467c6c8c1d
                                                                                              • Instruction ID: 6df1ff32f8391fd60534da74645796977e768cfc27b4d2f52af4e6a68b669271
                                                                                              • Opcode Fuzzy Hash: 9a7f2afc66ceae15c0aaab41f9bba63b59f9f9a998ae438c6c4cf6467c6c8c1d
                                                                                              • Instruction Fuzzy Hash: 30517B73A0E98D0FE77596ACDC661B97BE0EF46364B0101BAD49DC71E3DD29290A8381
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2972902578.00007FFD9B580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B580000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b580000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c00c81ceb1a6920e3ecc2518caec12f133432b85c6b436eabafa0b368350cf03
                                                                                              • Instruction ID: b7ffbb36a7e614daee57f6f2b8bc328cc0c21833d9356358b53c19e38d8813e2
                                                                                              • Opcode Fuzzy Hash: c00c81ceb1a6920e3ecc2518caec12f133432b85c6b436eabafa0b368350cf03
                                                                                              • Instruction Fuzzy Hash: 34618462A1EBC94FEB939BB848B95957FB0EF16200F4A45EBC094CB0A3D9296546C701
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d3aadef70dfe2917e4c4f6565ba782623146b26125b430a935d8ff3634086a6c
                                                                                              • Instruction ID: 89fd8c1ae12497ccdc28ea848531a16fb3b7cb6b765f3f2a55ebfe6ac7be2f41
                                                                                              • Opcode Fuzzy Hash: d3aadef70dfe2917e4c4f6565ba782623146b26125b430a935d8ff3634086a6c
                                                                                              • Instruction Fuzzy Hash: 10710470D08A1D8FDB98DF58C885BE9BBB1FB59300F1092AAD04DE3255DB74A985CF81
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 054a94d6fc844e2a9a44348461dab8f3edc72232c3737bb3505bc41f4f583af1
                                                                                              • Instruction ID: e732a2c27546a813846ce2fb0f6647be9741717b3d6809a63f4518681a09799a
                                                                                              • Opcode Fuzzy Hash: 054a94d6fc844e2a9a44348461dab8f3edc72232c3737bb3505bc41f4f583af1
                                                                                              • Instruction Fuzzy Hash: 7161F931B0DA4D5FEBA4DB6C88647B97BE2EF98300F0501BED05ED72A6DE24A941C740
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1e90466b12e8551e1825630e3a730d8e20196d05bc5de1d7703daed6b5ef990a
                                                                                              • Instruction ID: 2f147b6b80043168f5d0a4da83e149ee88d0ec5340f16fad4462f9f24045994e
                                                                                              • Opcode Fuzzy Hash: 1e90466b12e8551e1825630e3a730d8e20196d05bc5de1d7703daed6b5ef990a
                                                                                              • Instruction Fuzzy Hash: E681E870A19A8D4FDB84EFA8C855AEDBBF1FF19304F1406B9D458D72A6DB34A842C740
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cfc3562a16a6c058223e1f75b25020114e7b01a9b5f89272109feec21abb5758
                                                                                              • Instruction ID: 6db00b7326ec1fe2730019fa48d965dac34120b48048c161b18848adb7539d9a
                                                                                              • Opcode Fuzzy Hash: cfc3562a16a6c058223e1f75b25020114e7b01a9b5f89272109feec21abb5758
                                                                                              • Instruction Fuzzy Hash: CE61D743F0F99E0AFB7572F8A8314B87B61AF417A870947B7D0DC460E79C496A466282
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7884d912a7578eb910a967447b1ce4003d5d541c939e608b0ed60842dbd18344
                                                                                              • Instruction ID: d67529fda9763c0c74ff38003e79ad73ad11b43585d69b41f20c28ace4475c49
                                                                                              • Opcode Fuzzy Hash: 7884d912a7578eb910a967447b1ce4003d5d541c939e608b0ed60842dbd18344
                                                                                              • Instruction Fuzzy Hash: 64510B21F0AD5D0FE7B9D76C8464B7977D1EFA9344B0A01BED04EC32A6DE14AD428781
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 68eff7a942dbc8a92cc4f7ce184e48993464455beefaac2ed0e1ba6e0aabaf9b
                                                                                              • Instruction ID: b9f0f33bde30e6cf2953deeb7c53479ec86d9c6a6c48ff4453e792aa9cb93179
                                                                                              • Opcode Fuzzy Hash: 68eff7a942dbc8a92cc4f7ce184e48993464455beefaac2ed0e1ba6e0aabaf9b
                                                                                              • Instruction Fuzzy Hash: 76710230E0E68D8FDB65DBA4D8656F9BBB0EF06314F0501BAD089EB5A2CA3D1641DB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 00bb189dda0c3fd5820a8be69318edde31b7b400aa53849756eeb42d248fe11a
                                                                                              • Instruction ID: c47526d4778a26d060abd3e64fa0c3e7451595eda01e2ff62a02538899e0548c
                                                                                              • Opcode Fuzzy Hash: 00bb189dda0c3fd5820a8be69318edde31b7b400aa53849756eeb42d248fe11a
                                                                                              • Instruction Fuzzy Hash: 926149B171DB8E4FEBA8DB6C84A95767BD1EFA4300B5401BEE45DC71A2EE24BD018341
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c0ce5f5895f7f9af9a6deba59acd9e63cafa89209d5276c9da3d4eed7527ac37
                                                                                              • Instruction ID: 8535b4645a126eb64355dae3465e9976b93846dfe1a5694dfddc3dedf1619467
                                                                                              • Opcode Fuzzy Hash: c0ce5f5895f7f9af9a6deba59acd9e63cafa89209d5276c9da3d4eed7527ac37
                                                                                              • Instruction Fuzzy Hash: 8951F843F0F99E0BFB7573F8A8314B87B61AF4136870A07B7D0DC460E79C496A466282
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8f32215655cab493c16409fd5e78dce4939c07ac5f94fb406396072cb8b71320
                                                                                              • Instruction ID: 6c4dc3386f853da7fbd49c879272150a53be144472fa22bae841c28a8e4c88a5
                                                                                              • Opcode Fuzzy Hash: 8f32215655cab493c16409fd5e78dce4939c07ac5f94fb406396072cb8b71320
                                                                                              • Instruction Fuzzy Hash: D551A231729C0D4FE7B8EB9C9865A7937D1EF59318B1100B9E48EC72A2DD14EC429781
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9f0e13c134e04907473d0fa1e47f59cd94bd3f29794475401da4678987f9ebbd
                                                                                              • Instruction ID: 06cda171ef726864fe243427b5e51d02a0aa01eccbc0ed7c970d2c2a7745d36c
                                                                                              • Opcode Fuzzy Hash: 9f0e13c134e04907473d0fa1e47f59cd94bd3f29794475401da4678987f9ebbd
                                                                                              • Instruction Fuzzy Hash: 9661EF31E0A65D8FDB94EFA8D4606EDBBB1FF45314F1401BAD05DDB292CA39A981CB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7af9cfc91b9f4691a7d1b3ef9e43d4b5ee5dea46e931135ce0f62ab3e4402e40
                                                                                              • Instruction ID: 76dc8cfebcc5cf0b145c23f4d74d1e624241f00c32413f170ff891f2fb755f82
                                                                                              • Opcode Fuzzy Hash: 7af9cfc91b9f4691a7d1b3ef9e43d4b5ee5dea46e931135ce0f62ab3e4402e40
                                                                                              • Instruction Fuzzy Hash: B1616D71A19A4D8FDF94EF5CC8A5AA93BE1FF68340F450069E45DC72A2CA34F841CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 387a5c84cb825cad5be03fc940114ae2de78973b6ee99e4d712d633c1317c18a
                                                                                              • Instruction ID: 8a418ed167739bb03cbc9acad3d95cb5fac86a90600abe833fbd3c08c6f7c9df
                                                                                              • Opcode Fuzzy Hash: 387a5c84cb825cad5be03fc940114ae2de78973b6ee99e4d712d633c1317c18a
                                                                                              • Instruction Fuzzy Hash: 04513531A0EA8C4FE7A5DBA8D8646E87BF1EF45310F0501FED08DDB2A6CE286941C741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4588a8b2ef8bedd5e2fde24ef3a248c003d160a139f8316386b1001959b7f15b
                                                                                              • Instruction ID: 347c03624ec3a2e2a0e97c293301a57ef0ff47d752c72e3199a1fab8251bcd8c
                                                                                              • Opcode Fuzzy Hash: 4588a8b2ef8bedd5e2fde24ef3a248c003d160a139f8316386b1001959b7f15b
                                                                                              • Instruction Fuzzy Hash: 7351083260EB8A5FE754EB6CD8E59E07BE0FF1532471902B6D0ADCB0E7DA15B9428740
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Instruction ID: 5098984eaae42f55e039337b902e57f5593eca803362967b5de46c680eb0b4eb
                                                                                              • Opcode Fuzzy Hash: db5012ecd3d40f55bf76a8a11f08b6dd0934e36b884426aabb78627fa8cf5076
                                                                                              • Instruction Fuzzy Hash: CD411330B1DA498FDBA5EB6CC0A0EB577E1EF65304B0545B9D08EC72A6CA24F845DB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a14ae6544bee781468faebcbd3611429b1afcc2ba82abca5c882ae29b070aa8b
                                                                                              • Instruction ID: 39563fe4b461c4147bf7086907649c9c161cc1f01f1a47edd5dddf5d64e9c445
                                                                                              • Opcode Fuzzy Hash: a14ae6544bee781468faebcbd3611429b1afcc2ba82abca5c882ae29b070aa8b
                                                                                              • Instruction Fuzzy Hash: 81418230F19A0D4FDBA8DF58846567A37D1FFA8318F11017AE41DD3295CE34E9029781
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d741665f53364e11d639ea7ad0e05bcd2c0a552aff3ee047acd9d7b1db4f990d
                                                                                              • Instruction ID: f5c417fda0dc2ab5ca397f25a657c47cd772cac54f650038c62fe11289379c2d
                                                                                              • Opcode Fuzzy Hash: d741665f53364e11d639ea7ad0e05bcd2c0a552aff3ee047acd9d7b1db4f990d
                                                                                              • Instruction Fuzzy Hash: CA414732B1D6050BD729FBACE4A28FA7BB1EF4432430442BED09E87497DE1474868685
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3b66eeedd20dde8d3a5a30831c7dbd4138c47264d369eeb53faa10d3eacc42b6
                                                                                              • Instruction ID: acad134bc4183fa805443ee6b794957cfc754bbe06162047da6a50de2afbd724
                                                                                              • Opcode Fuzzy Hash: 3b66eeedd20dde8d3a5a30831c7dbd4138c47264d369eeb53faa10d3eacc42b6
                                                                                              • Instruction Fuzzy Hash: CE41D630B1DA498FDBA5EB6CC0A4EB177E1EF64304B0545A9D08EC72B6CE25F945DB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6c9d8a8e944639c547f2704997d6d811315920596ff4718454ba99feb25959bd
                                                                                              • Instruction ID: 3bd63a1c72073ff3aa107f4833429c0377639cc35cf17f8dc9b1c6fccddf0f55
                                                                                              • Opcode Fuzzy Hash: 6c9d8a8e944639c547f2704997d6d811315920596ff4718454ba99feb25959bd
                                                                                              • Instruction Fuzzy Hash: 8D310412B1E69A0FD31667B868754E53FB1DF9222870E42F7D098CB0E3D90D69878355
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 58cbed52d23a14c4a8456bdfbcff602259669990113bd52e9b4dc49da03106c8
                                                                                              • Instruction ID: 92484edc690c6497f1c39f1f23a61c3385c90e870f7e0c48cba4285eb068bfe8
                                                                                              • Opcode Fuzzy Hash: 58cbed52d23a14c4a8456bdfbcff602259669990113bd52e9b4dc49da03106c8
                                                                                              • Instruction Fuzzy Hash: D4415D71E0A55D8FEBA5EF688895AE8B7B1EF59304F5004E9C01DD72A5CE35AE81CB00
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0cdd4292dccb1933bd2037d4c458cb8d70fcb048f730eb56afaaadf3f4020a90
                                                                                              • Instruction ID: 81f29dc6bdb09878e3d9095fb6f3878c35976410a0f184ef353107da12116ee7
                                                                                              • Opcode Fuzzy Hash: 0cdd4292dccb1933bd2037d4c458cb8d70fcb048f730eb56afaaadf3f4020a90
                                                                                              • Instruction Fuzzy Hash: 1131E921B1EBC94FD7A697A888355657BF1EF9624470E41FBC0C9CB1E7DE0CA8068312
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9da281e79b49153770cc0538c19de181dd9f775893d66fe5d1a5842b73a1b001
                                                                                              • Instruction ID: 6350db78614c960115d272381c8fcc603ba81f04474f07b2302707b60df3993c
                                                                                              • Opcode Fuzzy Hash: 9da281e79b49153770cc0538c19de181dd9f775893d66fe5d1a5842b73a1b001
                                                                                              • Instruction Fuzzy Hash: 2041D331A0EA4D8FDB64DFA8D4656FCBBB1FF4A300F10047AD049E72A2CA796841D700
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b11535ee05ae750ad671e23e5a48c4867e0416af717c787f58e3f8f5ba4734a6
                                                                                              • Instruction ID: e32b8f99e1a7594fcd755531b808a248b16929fa8247039532d08d0df0721a1d
                                                                                              • Opcode Fuzzy Hash: b11535ee05ae750ad671e23e5a48c4867e0416af717c787f58e3f8f5ba4734a6
                                                                                              • Instruction Fuzzy Hash: F0310820B0DB5C4FD764965C986577A77E1EF95710F0552AFE44DC72A2CE24BC4183C2
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: eb1ed3e3d9069a3c3f6e553592ab674d651be1879ea86119621dbc1516549a26
                                                                                              • Instruction ID: 9ae15662e4fcef3b698fbe8443407f7ad6610c9c90552c055a799dbc102b1b55
                                                                                              • Opcode Fuzzy Hash: eb1ed3e3d9069a3c3f6e553592ab674d651be1879ea86119621dbc1516549a26
                                                                                              • Instruction Fuzzy Hash: 0741667020F68D4FD756EF688865AB27BE0EF42304F0908FAD099CF1A3D929BA45C351
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9db933f4699bcdc870ecaaf2821211b43f30b41681573d96059223a1d3256e39
                                                                                              • Instruction ID: 0f4f9e12e37b677d885715f3f9c4cc55bbf0dbc67be1ab0c8746cf4d3a81f64c
                                                                                              • Opcode Fuzzy Hash: 9db933f4699bcdc870ecaaf2821211b43f30b41681573d96059223a1d3256e39
                                                                                              • Instruction Fuzzy Hash: D6415F61A0E6CE5FE366ABB898766E97FB0EF12210F0406F9D0999B0F3DD182545C741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 93c61d0f0a879b460a51b47dc40685abae62f0ffeef3ac3a8b7dd1babffaf903
                                                                                              • Instruction ID: 9b367823431a64203dc96b3541f7475caa2d4d113b8ce9f3686ec10b9c0aa2b2
                                                                                              • Opcode Fuzzy Hash: 93c61d0f0a879b460a51b47dc40685abae62f0ffeef3ac3a8b7dd1babffaf903
                                                                                              • Instruction Fuzzy Hash: FF316712F4EA8E0FEBA997AC44756A57BD2DFA526074952FAD08DC31E6DC08AC038340
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2a8e2a2ba2e4e6878bde4dd8a0bc72467792cec648ef6c9ee449aedcdcf82aaa
                                                                                              • Instruction ID: 3ae65a9af5da443050b5b12eac86455f30e58d437e68fd3470169a50fbe7acbf
                                                                                              • Opcode Fuzzy Hash: 2a8e2a2ba2e4e6878bde4dd8a0bc72467792cec648ef6c9ee449aedcdcf82aaa
                                                                                              • Instruction Fuzzy Hash: 69316631B1D90E4FEB98EF5CD4A19B973E2EFA4350B145179D01AC719ADE24F9438780
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4eac20ff0d86185f4e749c13e7a44ecc128efc5f059687afb75f2d1419b36c64
                                                                                              • Instruction ID: bd4de261733fa20bce9ccb221f638ea7c9eeab3dff5b27f3982ebe873ec7f3e0
                                                                                              • Opcode Fuzzy Hash: 4eac20ff0d86185f4e749c13e7a44ecc128efc5f059687afb75f2d1419b36c64
                                                                                              • Instruction Fuzzy Hash: 85312671F1DA494EE7A0C6689494276B7C1EFB4328F05067BE44CC22B1CA18EAD0D386
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d2013d2c2314eb011764dafbdde79f68d959bf657768ebad8b0e5b3852f82417
                                                                                              • Instruction ID: b031abdb35bff418a32671bbc417afb54244a9ef2801ea8afb51f53f677c0ce6
                                                                                              • Opcode Fuzzy Hash: d2013d2c2314eb011764dafbdde79f68d959bf657768ebad8b0e5b3852f82417
                                                                                              • Instruction Fuzzy Hash: 3D3129A0F1EA8E0FD7A4A76844366A5B7D2EFA8304F4441BDD48DC72E6DD18B9129343
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cec11c84223f3f27f01d85f35f0bf59329429a40c1982396183ff43f4c3a6b2e
                                                                                              • Instruction ID: e568e1a8e62e14e40a8a9b1a6908fa379833fda4cc1cd3ef7383bd80ab2ba4ae
                                                                                              • Opcode Fuzzy Hash: cec11c84223f3f27f01d85f35f0bf59329429a40c1982396183ff43f4c3a6b2e
                                                                                              • Instruction Fuzzy Hash: 5F31B430719E494FEBA4E76CD4A4FA6B3D2EF98300F05457AE09EC72A6CE24F9458741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a62d23f28fcc81b8f50088ac75fe510dc2cfa5f421c5b8799f4b5d68ae2c1a26
                                                                                              • Instruction ID: 249679ed9057a1aed4e03dd8f2a731bd26521910196a1008f5daa0bbefd3f468
                                                                                              • Opcode Fuzzy Hash: a62d23f28fcc81b8f50088ac75fe510dc2cfa5f421c5b8799f4b5d68ae2c1a26
                                                                                              • Instruction Fuzzy Hash: BF314522F0ED8E0FE7A9C6BC68655753AC2DFA521470A10FED44DCB1B2DD25DD418341
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4fd26b964e635779dd7aeb3061c1b9a5965ac876c1a85445050f56b520cf861e
                                                                                              • Instruction ID: f83d979629912cc01283eb55b57dfb0726f3d5c9a2c1d88cf714ba474a0a0321
                                                                                              • Opcode Fuzzy Hash: 4fd26b964e635779dd7aeb3061c1b9a5965ac876c1a85445050f56b520cf861e
                                                                                              • Instruction Fuzzy Hash: 5D41C131719E898FD7A4EB68C064BA6B7E1FF54304F0449B9D09EC72A6CE24F945C741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7dad2f2671193c40d18682ca4554487a287eca4a9664b26b977c62e1121b0c61
                                                                                              • Instruction ID: fa2a5557a58b7f4b8f5b7bf2d3bef063ae2613e30a61f4eaa0b062c80f6b38e6
                                                                                              • Opcode Fuzzy Hash: 7dad2f2671193c40d18682ca4554487a287eca4a9664b26b977c62e1121b0c61
                                                                                              • Instruction Fuzzy Hash: 5431F431E1F7CE4FD7528BA498695A8BFB0FF16300F0900BBD059DB1E2DA696845C752
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7071477af9695fb5afcffeb7c5a0e2166e14cb3c438f895b4d5c613939f9f616
                                                                                              • Instruction ID: bfee40df0a1aa7541af3a9ad6efb4a0abd65baf77a25026ead18b6da4b62605c
                                                                                              • Opcode Fuzzy Hash: 7071477af9695fb5afcffeb7c5a0e2166e14cb3c438f895b4d5c613939f9f616
                                                                                              • Instruction Fuzzy Hash: F4316130B18A0C8FDBA4EB68D855AE9B7E1FF98314F14067ED01ED3295DE35E8458781
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d3449fafd3ae92f475973aef298671cbdc38aa016fdd2e92ad0caed9d691e46c
                                                                                              • Instruction ID: 39b1a3a898666dcf476bca00a4e02f7ebc9118a0d74bfe6a045a29fe48d5d80e
                                                                                              • Opcode Fuzzy Hash: d3449fafd3ae92f475973aef298671cbdc38aa016fdd2e92ad0caed9d691e46c
                                                                                              • Instruction Fuzzy Hash: 8A315E3062DE4E8FDB94EB68C064AA977E1FF58700B0145B9E05ECB2A6DE34F940CB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: aca5696d733c831cc25a0dfa40501926c7b56f127ffbada36a606f7bff0212b5
                                                                                              • Instruction ID: d896c6eb1de07c31e6a113b779c0d42cc90d8cca3c669843cf438afb32871441
                                                                                              • Opcode Fuzzy Hash: aca5696d733c831cc25a0dfa40501926c7b56f127ffbada36a606f7bff0212b5
                                                                                              • Instruction Fuzzy Hash: 9D21D571E0AA8D8FEBA9DA68C8652E977B1FF54304F0101BAD44DC6192DE342E82CB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f5305f143ee7bb7c4ef8dba3978a7b5c70e53a6cd45dda3c13f4fd3876eef99e
                                                                                              • Instruction ID: e520a33002ca692c0ef83900fe327f23d13387fcce72a5888b3dc8044dfd39cc
                                                                                              • Opcode Fuzzy Hash: f5305f143ee7bb7c4ef8dba3978a7b5c70e53a6cd45dda3c13f4fd3876eef99e
                                                                                              • Instruction Fuzzy Hash: A831D671A0EA8C9FDB61DBA8D4655EDBFF0EF59310F0401FAD088EB2A2CA395541DB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b4f930a9ee75d7e99c936c6184a2242812ad6cad6a44a203189bdaa3c89ccb93
                                                                                              • Instruction ID: 30c3e97e1eab53f48cb75d2aabefc33198e4d91ff4b1607b20581f9878763cb7
                                                                                              • Opcode Fuzzy Hash: b4f930a9ee75d7e99c936c6184a2242812ad6cad6a44a203189bdaa3c89ccb93
                                                                                              • Instruction Fuzzy Hash: A021F471D09A8C4FDB55EFA8D8A56ED7BF0FF69310F0001AFD049E32A1DA246941CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ca32cc21c237d8aa8448222e5701cc9b4ac14ee34746c9f85bb04de5c6c549a8
                                                                                              • Instruction ID: fcff83f1d301155566efe615bd207b0b257374545db5dd614160ae08855c9348
                                                                                              • Opcode Fuzzy Hash: ca32cc21c237d8aa8448222e5701cc9b4ac14ee34746c9f85bb04de5c6c549a8
                                                                                              • Instruction Fuzzy Hash: B5210B72F0EE4E06F7B545E828B50B467C1EF9565870A01BAF45CC62B2EC476D529382
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 82369be6185846d1203cc082b1c05ac94d1145ef92d5654ebf32d8bebe4c673f
                                                                                              • Instruction ID: 05e7ecbe6d7ed94c54411a6d86df3411665852faf9695f6e5521aae7449988ab
                                                                                              • Opcode Fuzzy Hash: 82369be6185846d1203cc082b1c05ac94d1145ef92d5654ebf32d8bebe4c673f
                                                                                              • Instruction Fuzzy Hash: AD317B11A1E7C60ED326B378A8706F57FA1AF82218F0905FBD0DECB1E7DD6864888351
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: eef008c4ced4149647f92757047a41e108168e02d303e3ad0901ec0aaf03588d
                                                                                              • Instruction ID: cf7237f6d5ff34b555aea69c16d9f09c8416b32103899ccd769db31276294326
                                                                                              • Opcode Fuzzy Hash: eef008c4ced4149647f92757047a41e108168e02d303e3ad0901ec0aaf03588d
                                                                                              • Instruction Fuzzy Hash: 8021A170D09A4D9FDB55EFA8D865AFEBBF0EF59310F0005AED019E32A5CA346541CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 01737e620a549e76a0b0304cea449ee3134f53c736bf272e4cdc921dd23b8359
                                                                                              • Instruction ID: c5e0ae4e3eedbee37d211983f1ac6ee0200e380ad050fb5ac505ac7ecd84a4c7
                                                                                              • Opcode Fuzzy Hash: 01737e620a549e76a0b0304cea449ee3134f53c736bf272e4cdc921dd23b8359
                                                                                              • Instruction Fuzzy Hash: D721B430A0F68D4FE764DBA4D8697B8B7B1EF56344F4104BDD08D971A3CE6929409741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 65cbccd28d0b94ce79999a6151cf5d1b0bed48e30d59304ca24c7214a4c039ba
                                                                                              • Instruction ID: cb09a09c51dadc3091ef4c96af772068faa16619f167a4f757c50a6a699ecd78
                                                                                              • Opcode Fuzzy Hash: 65cbccd28d0b94ce79999a6151cf5d1b0bed48e30d59304ca24c7214a4c039ba
                                                                                              • Instruction Fuzzy Hash: AB212730D0E64E8FD774AAA4D0506F8BBB0EF46314F150279C48C975A1DB396A85DB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5fd46b3d2e2e111eecc4e39694d559afac3972e450e4c29aa9d8c13c7708307e
                                                                                              • Instruction ID: dd2c896943b14e7d12ea5e0b5e646d63b2351e59dc003ed6990f1ed28714d721
                                                                                              • Opcode Fuzzy Hash: 5fd46b3d2e2e111eecc4e39694d559afac3972e450e4c29aa9d8c13c7708307e
                                                                                              • Instruction Fuzzy Hash: BF216F3198E3C94FD32257A0A8225F57F789F03255F1B01EBD088DB4A3C51D5A9AC7A2
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 08a320da17d4cf6c0b30a6ea915cf7cbbe96be9257eddf612a25729eb2d808c6
                                                                                              • Instruction ID: 77800876f3e5fbd36d45ec8c6714acd5fea30e108ef6be02a2e3c666cf267c9f
                                                                                              • Opcode Fuzzy Hash: 08a320da17d4cf6c0b30a6ea915cf7cbbe96be9257eddf612a25729eb2d808c6
                                                                                              • Instruction Fuzzy Hash: E7112C03F0FA9A1FE355B6BD78B54F56FA1EF9523970853BBD08CC21A7EC0419968281
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9fe2d5e570a328342fcb3de4150a5ec18e354de708196e74b838bfbab69c6fec
                                                                                              • Instruction ID: 5026c9de0d03bd991533c9dcd544b822a6f2ac71de822c70925ba832d7346297
                                                                                              • Opcode Fuzzy Hash: 9fe2d5e570a328342fcb3de4150a5ec18e354de708196e74b838bfbab69c6fec
                                                                                              • Instruction Fuzzy Hash: 5321DAA2A0EBCD0FE75A8B7818685A57FE1EF9B19070941FEC098CF1B6ED1479068741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 973b220f0aa2e4b4eec1d77c6b768b1de9a566de91cd4d266ff1286aa9d457df
                                                                                              • Instruction ID: 33e12a7d7fdb5cf0361e498f066f2f5f138023d71202500bf960947900923b06
                                                                                              • Opcode Fuzzy Hash: 973b220f0aa2e4b4eec1d77c6b768b1de9a566de91cd4d266ff1286aa9d457df
                                                                                              • Instruction Fuzzy Hash: EA21DA62F0EA5D0FDBA0DBA858652EC7BE1FF6D310B0611B7D448D71A2DE186D018391
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2b6e25b0dd023f9bc2471c99e6ad5cbdeec75eb52166f9c8fa566a1481a94570
                                                                                              • Instruction ID: 341bd5c31da5e187b0f1d65522dfd12bb4c93345ed06c43e8d0dd7e0103de35f
                                                                                              • Opcode Fuzzy Hash: 2b6e25b0dd023f9bc2471c99e6ad5cbdeec75eb52166f9c8fa566a1481a94570
                                                                                              • Instruction Fuzzy Hash: A611B222F0FA9D1FE7E585A92CB91743AC2EF6960470B11FBE448CB2B3ED25DD018241
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 255d0d7872a6d6881122df4087a159837bd91a09ad7eb3a840a7e6f848ea9acc
                                                                                              • Instruction ID: 0fd971cf01761f766205d1018161be89ec589449c3e34af9d65d11b54e335875
                                                                                              • Opcode Fuzzy Hash: 255d0d7872a6d6881122df4087a159837bd91a09ad7eb3a840a7e6f848ea9acc
                                                                                              • Instruction Fuzzy Hash: 56216B3020B64D5FD765EFA8C899AB677E1EF45304F0409F8D029CF1A6C939BA51C380
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bb14ebbf007674748fb92f3ab401ac8f44ce5fb965914720648b692822f21719
                                                                                              • Instruction ID: 90e2cefe967ab458035a540260633dd9b272efa742b3a1a447050b8ba916957c
                                                                                              • Opcode Fuzzy Hash: bb14ebbf007674748fb92f3ab401ac8f44ce5fb965914720648b692822f21719
                                                                                              • Instruction Fuzzy Hash: 3311E532F0FD5D0FE6E484AD3CA917536C2DFA965570601BBE84CC7276DC66DD418281
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0285d4133ae2c4349732b5606d8e249a25f8753e1744de563e8863a621e7b538
                                                                                              • Instruction ID: 921de6d0221cc2d1a6d49e925f56ffa63111305b19a6dc6b9717b8dcc1cf4824
                                                                                              • Opcode Fuzzy Hash: 0285d4133ae2c4349732b5606d8e249a25f8753e1744de563e8863a621e7b538
                                                                                              • Instruction Fuzzy Hash: 8F112432E16A4D8FDB64DF69D8299EDBBB5FF55300F01007AE019E7190DE3538408781
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e852078a99de5af1fe47a84a67f70ec40210794858cff1c270446e28426b9eb6
                                                                                              • Instruction ID: 353c35ac2a8f671f7dd97425da18abe1aa81fdff9792d04b0a8aaa98844fd831
                                                                                              • Opcode Fuzzy Hash: e852078a99de5af1fe47a84a67f70ec40210794858cff1c270446e28426b9eb6
                                                                                              • Instruction Fuzzy Hash: 27113611B0FACD0FE3A1E76C98A86A53FE1DFA6680B0945F9D088CF1B6D924ED05D340
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5670811f53c19eca2747cf5e710c827f803758180e7ff5631e663f27c0f4a674
                                                                                              • Instruction ID: e4c23045baf3cd4a624320c561a56bbeef7ce5f11e47f731cc58210f32d1b60b
                                                                                              • Opcode Fuzzy Hash: 5670811f53c19eca2747cf5e710c827f803758180e7ff5631e663f27c0f4a674
                                                                                              • Instruction Fuzzy Hash: FC117C72F0EE4F4FFBB8DA9C90642A463D2EBB83A471455BAD00EC31A5DE51AC069740
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 812d9134b317d35299783ba0e562cb2c57add0026b69c24934ec4b898c350679
                                                                                              • Instruction ID: a0fa661e2930a80752fb15bcf76c3a3d4ff5fb649e23916103e4c4b90d1c38d6
                                                                                              • Opcode Fuzzy Hash: 812d9134b317d35299783ba0e562cb2c57add0026b69c24934ec4b898c350679
                                                                                              • Instruction Fuzzy Hash: C9118071A1DA885FE329977C581D4BA7BE4DF59214B04017FF48AC71B3DD1415069381
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5dd0f0bde13db250c0e16cc57e52f3a63236f0daf2ed4f8b309709a40c020302
                                                                                              • Instruction ID: 647a6aa80a2bc0843fff4381c9731305642782da711bef5c71cfd9a848e0414d
                                                                                              • Opcode Fuzzy Hash: 5dd0f0bde13db250c0e16cc57e52f3a63236f0daf2ed4f8b309709a40c020302
                                                                                              • Instruction Fuzzy Hash: D5112531B5D91D9FD768EB5CE86656C77E1FF98711B0101AAE04DC32A7CE20AC0297C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 622daf722dc12dd6d760fc294d7c749e35302616fe4ec65fa24b82744b584d9a
                                                                                              • Instruction ID: 56c835228cdea1525393e7e99b7298be72b7c85db52745d1f07bff4f7addce93
                                                                                              • Opcode Fuzzy Hash: 622daf722dc12dd6d760fc294d7c749e35302616fe4ec65fa24b82744b584d9a
                                                                                              • Instruction Fuzzy Hash: CD11DA3050EACD9FE7229BB884699E9BFB0EF06220F0806FDD0D99B1A3CD196541C741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8b12fa83879473b81ecd055e95bf17bf8821be481909b62c9b728f6a4a95fdae
                                                                                              • Instruction ID: acf000396ec03c77e434e7dc098984c8c86bbf4f32a50b1c09ac195137dd970a
                                                                                              • Opcode Fuzzy Hash: 8b12fa83879473b81ecd055e95bf17bf8821be481909b62c9b728f6a4a95fdae
                                                                                              • Instruction Fuzzy Hash: 9211666150F7C84FD3069B6888649517FB0AF6720470A86EFD488CB1B3CA29A94AC322
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 573df31e720d811b7959197fdf0bac9aa44c315beb6e3be061f8de7768d1d7e7
                                                                                              • Instruction ID: 85266cc0c38cfb3e532d910f1b32b441b42774623542ea2ab0b8e0e2f13e6464
                                                                                              • Opcode Fuzzy Hash: 573df31e720d811b7959197fdf0bac9aa44c315beb6e3be061f8de7768d1d7e7
                                                                                              • Instruction Fuzzy Hash: 6301F730608E198FDF54EA1DC094EB533D0EF6830130510EAD49ACB2B2C628E9818751
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a5009eac9d457814fa88fd58f1cce2b9453d2009e9618eb3e22a0af007c2d88f
                                                                                              • Instruction ID: 1e28c6c6247deb85afc1b53c78104552cebd14b5868e3548319d00ecf52da32b
                                                                                              • Opcode Fuzzy Hash: a5009eac9d457814fa88fd58f1cce2b9453d2009e9618eb3e22a0af007c2d88f
                                                                                              • Instruction Fuzzy Hash: 32014532B1AA4D1FEB659BACD8795F93FA0EF84625F0402B6D0E9871B2ED5126018742
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 24c0b167b6b136ca6a2b3823bff7c3d205977dfa38937cc5cbc1170ddc387c6e
                                                                                              • Instruction ID: 971c70b7ff25337fa6e647508db3523c871ed9544cc9a8758da82e17d7c27c60
                                                                                              • Opcode Fuzzy Hash: 24c0b167b6b136ca6a2b3823bff7c3d205977dfa38937cc5cbc1170ddc387c6e
                                                                                              • Instruction Fuzzy Hash: 5601A932B4DD1C4FE7D8EA0CA8556B073C2EB6832031515E7D44DC7662ED15EC424782
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a8bc6b8309e2af7bbfdc92282770a49dc84bf485fdfff492a2e3edb6c9a2d2ae
                                                                                              • Instruction ID: 84cb82ffb15fba2b9904e3c1e51caca5cbe85dfe7e7d732927b41dc0ed907b10
                                                                                              • Opcode Fuzzy Hash: a8bc6b8309e2af7bbfdc92282770a49dc84bf485fdfff492a2e3edb6c9a2d2ae
                                                                                              • Instruction Fuzzy Hash: 7811591272DE8A0AD324A378D821BF567D1FF90318F44057AC0DE871D7DEA875499341
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9ab8e17b41f971ecd21d56becf52da4cf198fa0a85a1cfebf500c86caf1e9ee3
                                                                                              • Instruction ID: 4cd04ccb0c34f13db223118d2f4a9854f458e8b315f5180076d95e0d87a069ed
                                                                                              • Opcode Fuzzy Hash: 9ab8e17b41f971ecd21d56becf52da4cf198fa0a85a1cfebf500c86caf1e9ee3
                                                                                              • Instruction Fuzzy Hash: 6511CA31A0E5998FDB65EB6884B1A787BF1EF55310B1800FDC45EDF2E6CD296942CB01
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0b7fc835cddaa0287759a3bd67c5a2947b7cfe99c0f817e14760846eef412774
                                                                                              • Instruction ID: 599aa8258d527b29ec1802d29d18ed7aab53ef488e431acdcc3b96261aa380b6
                                                                                              • Opcode Fuzzy Hash: 0b7fc835cddaa0287759a3bd67c5a2947b7cfe99c0f817e14760846eef412774
                                                                                              • Instruction Fuzzy Hash: AA01F2A3A0E6890FEBA996AC68A61F47FE1EF5221070400AFD1E6C7266E91925038700
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 82840ddae1d8556f29c03a298b248c8b2c69aeee83f6aaca75a653f051a1f577
                                                                                              • Instruction ID: 1f3c9accfb5cf8be40fe846839500e33e2f17ad184925adccd881eb4f04c7fc9
                                                                                              • Opcode Fuzzy Hash: 82840ddae1d8556f29c03a298b248c8b2c69aeee83f6aaca75a653f051a1f577
                                                                                              • Instruction Fuzzy Hash: D201F7B3E09A4D0FEBADCE9954A81B53BE2EBA9280705413EC059DB271ED24B9028741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8e47dee8c6a04e1acd729785cc0fbf766591ef7407fd7b218d0c93c331c54f9c
                                                                                              • Instruction ID: 3c8a90e8ec980b4f3f7e5e8d936c3f54b16a82e2b5344dc9ee47cbbf75f2c253
                                                                                              • Opcode Fuzzy Hash: 8e47dee8c6a04e1acd729785cc0fbf766591ef7407fd7b218d0c93c331c54f9c
                                                                                              • Instruction Fuzzy Hash: 98F05062B1D54C0FE394996CAC5D9723FD4DB6A13530602FFE448C7173E9029C068354
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 87290c750f6ddab819a0057d5ce9317d38b40e109ac103e05968542965e48a1b
                                                                                              • Instruction ID: 42278589a37bf5cfed673f578f1164d041806013c725a94c854375a86ab6ca2d
                                                                                              • Opcode Fuzzy Hash: 87290c750f6ddab819a0057d5ce9317d38b40e109ac103e05968542965e48a1b
                                                                                              • Instruction Fuzzy Hash: 57018F31B2CA0D4FEB98E76C9861BA873D2FB88314F1540B6C00DC72A6DE25AD418781
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cd6fd528894d40bd45c91cfc189b58d2c7903144d40db69bb70daac9006380ab
                                                                                              • Instruction ID: 79b195e30a272b7f61552a10f09f8e8df665722b33e3d74d6c42fb8ee426c5f5
                                                                                              • Opcode Fuzzy Hash: cd6fd528894d40bd45c91cfc189b58d2c7903144d40db69bb70daac9006380ab
                                                                                              • Instruction Fuzzy Hash: BBE0CD8150F6CD5FEB2657B84C6B9947FA0DF1711074D42F6C0C8CF1A7D44D65499312
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 019f66d36a6ee6ffd6d1e5db82ddba99d358d03230b5d140b172b167f5378193
                                                                                              • Instruction ID: 9457404267f9030e48b37e8849ff527a1acef7d9590c02eb04fc973388fd5964
                                                                                              • Opcode Fuzzy Hash: 019f66d36a6ee6ffd6d1e5db82ddba99d358d03230b5d140b172b167f5378193
                                                                                              • Instruction Fuzzy Hash: F2D05E73B9DA4D0EAA4CB65C78531F9B3C1D782130740427BD54BC298BEC5BA8530285
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9a385322240f09f82913341bb5955054f4d511ad910a000482748fd85469f324
                                                                                              • Instruction ID: 69c01519e7be47da8021aedfd65a07716a7c240f4f03518b1fcf2aac72e3cb45
                                                                                              • Opcode Fuzzy Hash: 9a385322240f09f82913341bb5955054f4d511ad910a000482748fd85469f324
                                                                                              • Instruction Fuzzy Hash: 32E0D821B2C7C54BD349877C58654A5B7E0EF99214B0446BCE4CACB2C3CE28A90A8686
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2809bef0e81b04f8593fcbce255764e1a70b0fafbbb36598094ead35aa606616
                                                                                              • Instruction ID: 3c1b06e0b86a6c6dd50155edf87e1d1921890c55dfd16e8b0aa4b01b56fa8d31
                                                                                              • Opcode Fuzzy Hash: 2809bef0e81b04f8593fcbce255764e1a70b0fafbbb36598094ead35aa606616
                                                                                              • Instruction Fuzzy Hash: 62E0E611F5F41E89FB609B84A4615FDB665EF4B200F512430D43DE71A6CD18B5015384
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b84fdc4eafedcc0c3b9e0e7afc5feb84b12a1835acd940f4a0db5f6d7b21b7bf
                                                                                              • Instruction ID: fb2d092526a7112c4051149bc4022136f0860696172f294e096a993bc2efeac2
                                                                                              • Opcode Fuzzy Hash: b84fdc4eafedcc0c3b9e0e7afc5feb84b12a1835acd940f4a0db5f6d7b21b7bf
                                                                                              • Instruction Fuzzy Hash: 81E0E531E1441C8ECB54EF68E851BECB7B1FF44205F4040BAE01CE3286CA7969818B00
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2972902578.00007FFD9B580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B580000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b580000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 86997d6716df0a99800092c2624698a61f3a62770cdca1f09bbb3bdf2cd57dcc
                                                                                              • Instruction ID: 3f79e5ea7d3855811826b62c336887f5764a2b0e8b141d7f54097a79a077d402
                                                                                              • Opcode Fuzzy Hash: 86997d6716df0a99800092c2624698a61f3a62770cdca1f09bbb3bdf2cd57dcc
                                                                                              • Instruction Fuzzy Hash: 14E08C31A0984E8BDF85EF98C4559EDBBB1EFA8300F5540B5E82DC31A2CE30A9409B80
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d003355b1f62127785ee79205d9789dc92b7378ca375a23ab64d0af6823b9b81
                                                                                              • Instruction ID: d208e62ecb4b7677ef3a53a9d29124a9405814e3fa694271b05fa082da6474b3
                                                                                              • Opcode Fuzzy Hash: d003355b1f62127785ee79205d9789dc92b7378ca375a23ab64d0af6823b9b81
                                                                                              • Instruction Fuzzy Hash: 16E01A70E0541D8AEB68EAA888547ACA3A1FF64304F10017AD00DD3292CF3459028B40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3982a254b875b166819a550fe4d4268b3dd30aca9d1bb7d46d70a0db59bc194e
                                                                                              • Instruction ID: 1ee8caa8146c9f5f86d215641de1d7abd287ceb26f40d23040d673953e0e41c1
                                                                                              • Opcode Fuzzy Hash: 3982a254b875b166819a550fe4d4268b3dd30aca9d1bb7d46d70a0db59bc194e
                                                                                              • Instruction Fuzzy Hash: 63E08C1090F6CE5FDE52B7FC44AA0DA3FB05E0B184B0944E9C08A9F0B3D50C160EC302
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2973804640.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 04904506757da6511cbe0e917df726923346430af2568cd2cb187a6f22c16f4d
                                                                                              • Instruction ID: ea4d6d74a8759b64da1313020c77b1db8933916126515d4788b6db340b8fa8cb
                                                                                              • Opcode Fuzzy Hash: 04904506757da6511cbe0e917df726923346430af2568cd2cb187a6f22c16f4d
                                                                                              • Instruction Fuzzy Hash: 07D0175510E9C86FDA6393F824B54E66FE4AF4B02474D85E9C4EA4F1B3C82C2A03C300
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9d276c24fc5349df3f750725a1f6a4de57c31a99dc0445ecfa0ac70e4171310f
                                                                                              • Instruction ID: 312a0d8a94de6d5512d2090335a807f67bbd499f496679d31a19ceb61d736ada
                                                                                              • Opcode Fuzzy Hash: 9d276c24fc5349df3f750725a1f6a4de57c31a99dc0445ecfa0ac70e4171310f
                                                                                              • Instruction Fuzzy Hash: 86C08C20A2590D8AC728B76884810187690FF08204FC001F4E44CC2284DA6D91445706
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.2970539443.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7af8e6b370b6a199492327b0ff43961ac209d314fdbbd81fd1e9701e82af44eb
                                                                                              • Instruction ID: 402dbeab88a2ffc8d2d4a7c6004e062292cf018461791876795262bff0e28b00
                                                                                              • Opcode Fuzzy Hash: 7af8e6b370b6a199492327b0ff43961ac209d314fdbbd81fd1e9701e82af44eb
                                                                                              • Instruction Fuzzy Hash: 10C09B50A0559C5FD3539BB9547C7D57FF04F15001B0804DF449DDB1E1C92855868704