Edit tour

Windows Analysis Report
setup_north_west_arctic_borrough.msi

Overview

General Information

Sample name:	setup_north_west_arctic_borrough.msi
Analysis ID:	1530140
MD5:	4946692d1054133187414b16847fda29
SHA1:	0bfdd52352dd3bf457543b2ce542f3a609bc36d8
SHA256:	fce7b065d52befe698a40233ccf2c9f6a3e9a99105c5b89fe671ba713094a8bf
Infos:

Detection

AteraAgent

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

Yara detected AteraAgent

AI detected suspicious sample

Creates files in the system32 config directory

Installs Task Scheduler Managed Wrapper

Queries disk data (e.g. SMART data)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive service information (via WMI, MSSMBios_RawSMBiosTables, often done to detect sandboxes)

Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)

Reads the Security eventlog

Reads the System eventlog

Yara detected Generic Downloader

Adds / modifies Windows certificates

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for available system drives (often done to infect USB drives)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops certificate files (DER)

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

Is looking for software installed on the system

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the product ID of Windows

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores large binary data to the registry

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses net.exe to stop services

Uses taskkill to terminate processes

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

msiexec.exe (PID: 3504 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup_north_west_arctic_borrough.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 5832 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 5344 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6A3621A3D7CD44D53C941897192273B5 MD5: 9D09DC1EDA745A5F87553048E57620CF)

rundll32.exe (PID: 6432 cmdline: rundll32.exe "C:\Windows\Installer\MSI957D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7312890 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 5760 cmdline: rundll32.exe "C:\Windows\Installer\MSI97E0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7313406 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 4480 cmdline: rundll32.exe "C:\Windows\Installer\MSIA8D8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7317750 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 7096 cmdline: rundll32.exe "C:\Windows\Installer\MSIBF53.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7323531 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd MD5: 889B99C52A60DD49227C5E485A016679)

msiexec.exe (PID: 6552 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding D6F3D03429785CC702A8D4B77C4A048E E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)

net.exe (PID: 6524 cmdline: "NET" STOP AteraAgent MD5: 31890A7DE89936F922D44D677F681A7F)

conhost.exe (PID: 6332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

net1.exe (PID: 6672 cmdline: C:\Windows\system32\net1 STOP AteraAgent MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

taskkill.exe (PID: 4836 cmdline: "TaskKill.exe" /f /im AteraAgent.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AteraAgent.exe (PID: 2608 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="pbell@solutionzsecurity.com" /CompanyId="20" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q3000001lTaiIAE" /AgentId="687399e7-85e9-4e3a-8465-e1cdfab81e34" MD5: 477293F80461713D51A98A24023D45E8)

msiexec.exe (PID: 4084 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 07EC56ACC4FB4E8D88E3CE21E24A8ED3 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)

rundll32.exe (PID: 5820 cmdline: rundll32.exe "C:\Windows\Installer\MSI88A0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7375296 37 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)

AteraAgent.exe (PID: 5808 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)

sc.exe (PID: 1496 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 4144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageAgentInformation.exe (PID: 7148 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "16038b3c-d35a-4c69-b34e-6367184ec3ca" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000001lTaiIAE MD5: 31DEF444E6135301EA3C38A985341837)

conhost.exe (PID: 2940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageAgentInformation.exe (PID: 5760 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "2a1a3dc9-6072-498e-b1b6-fcd7a9da4519" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q3000001lTaiIAE MD5: 31DEF444E6135301EA3C38A985341837)

conhost.exe (PID: 6984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageAgentInformation.exe (PID: 7084 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "79bc36b0-3b49-4e44-ab46-b92058304cdc" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q3000001lTaiIAE MD5: 31DEF444E6135301EA3C38A985341837)

conhost.exe (PID: 5168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 3656 cmdline: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cscript.exe (PID: 6408 cmdline: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)

AgentPackageSTRemote.exe (PID: 5952 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "78309870-edc4-47c0-bbf7-c19973e138fe" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q3000001lTaiIAE MD5: 749C51599FBF82422791E0DF1C1E841C)

conhost.exe (PID: 6192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageMonitoring.exe (PID: 5784 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "bd4bff8f-27a8-4dc1-872a-980375696b10" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q3000001lTaiIAE MD5: B50005A1A62AFA85240D1F65165856EB)

conhost.exe (PID: 2944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIADAP.exe (PID: 7148 cmdline: wmiadap.exe /F /T /R MD5: 1BFFABBD200C850E6346820E92B915DC)

AteraAgent.exe (PID: 5312 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)

sc.exe (PID: 5572 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 1988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageAgentInformation.exe (PID: 2604 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "9126087d-b76b-4264-814a-f2ee6afd34d4" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q3000001lTaiIAE MD5: 31DEF444E6135301EA3C38A985341837)

conhost.exe (PID: 6508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1360 cmdline: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cscript.exe (PID: 6436 cmdline: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)

AgentPackageUpgradeAgent.exe (PID: 4368 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "b8b132d1-7f13-4735-aac8-7ef47e479aab" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q3000001lTaiIAE MD5: D11B2139D29E79D795054C3866898B7F)

conhost.exe (PID: 4124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msiexec.exe (PID: 1248 cmdline: "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart MD5: E5DA170027542E25EDE42FC54C929077)

AgentPackageTicketing.exe (PID: 1960 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "cbde5df1-15a4-4fef-92d1-c63c8c70d7ff" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q3000001lTaiIAE MD5: B39264220D20A5C2807CDA3EA5F6B772)

conhost.exe (PID: 1708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageProgramManagement.exe (PID: 5732 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "ce61aaf7-c4bb-4ea2-b8bb-461de1d02139" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q3000001lTaiIAE MD5: E32856BEF4126DF5FB008E0EC9E7A3DD)

conhost.exe (PID: 1272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageInternalPoller.exe (PID: 6096 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "afad775b-451e-4311-9587-744c8d434acb" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q3000001lTaiIAE MD5: 01807774F043028EC29982A62FA75941)

conhost.exe (PID: 5836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageMonitoring.exe (PID: 4536 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "5ee99619-9843-4e71-8ec6-100034578c04" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q3000001lTaiIAE MD5: B50005A1A62AFA85240D1F65165856EB)

conhost.exe (PID: 6484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageHeartbeat.exe (PID: 4456 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "6a2bb835-f7f4-4652-b67d-6f8ee428937d" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q3000001lTaiIAE MD5: 797C9554EC56FD72EBB3F6F6BEF67FB5)

conhost.exe (PID: 6104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sppsvc.exe (PID: 5532 cmdline: C:\Windows\system32\sppsvc.exe MD5: 320823F03672CEB82CC3A169989ABD12)

svchost.exe (PID: 528 cmdline: C:\Windows\System32\svchost.exe -k smphost MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 2584 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

AgentPackageUpgradeAgent.exe (PID: 828 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" schedulerrun MD5: D11B2139D29E79D795054C3866898B7F)

conhost.exe (PID: 5144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Windows\Temp\~DF30D1C3A3F3C52661.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF6D84DA21E88EAFF2.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF1DAD5CE241DBBC25.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFF9B7B2C39BDCF2F8.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSI88A0.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF11AD082751D839CE.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Windows\Temp\~DF9745840C1C01DA85.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF809B400B5BDB2188.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFD3AFA7BC325B0CD8.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\AteraSetupLog.txt	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF8BA79504650458FA.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF8BA79504650458FA.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\choco.summary.log	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Config.Msi\6f9475.rbs	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF1949AFECA6666438.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF6D0646B451E9EB1D.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Windows\Temp\~DFF5F5D090B199066A.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFBED9AFADF480C9A1.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFBED9AFADF480C9A1.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Config.Msi\6f947a.rbs	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Config.Msi\6f947a.rbs	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
\Device\ConDrv	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
\Device\ConDrv	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
\Device\ConDrv	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
\Device\ConDrv	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
\Device\ConDrv	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFDB3EB0E6CE23FF85.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSI97E0.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFA618C08E10C9A02E.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF2578F7C9837AD8AA.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFE369163077145993.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.32_(x64)_20241009125355_001_dotnet_hostfxr_6.0.32_win_x64.msi.log	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.32_(x64)_20241009125355_001_dotnet_hostfxr_6.0.32_win_x64.msi.log	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.32_(x64)_20241009125355_001_dotnet_hostfxr_6.0.32_win_x64.msi.log	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFB03E3A2372E7CF43.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIAB1B.tmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIAE8A.tmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFCB5B588360CD50FC.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF93D35BD8DB6BB701.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF6413D90088728547.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIA8D8.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFB5AEC5BD5DED6FE8.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF51492CE7C717C66A.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF2CE5038A7892C755.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF13D2EE8723F9B19A.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIBF53.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIBF53.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF0C54FFDF209D7A2B.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF0C54FFDF209D7A2B.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF9A1AE7BD619E298A.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFF316DEB06EBD2809.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Config.Msi\6f9482.rbs	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Config.Msi\6f9482.rbs	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Windows\Temp\~DFFEEDD9334B4A8F90.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\netstandard.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Windows\Temp\~DFEF8364792F298A7B.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\10-09-2024 12_53_25-log.txt	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF702159476DFB4BB0.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.32_(x64)_20241009125355_000_dotnet_runtime_6.0.32_win_x64.msi.log	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\log.txt	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.32_(x64)_20241009125355_002_dotnet_host_6.0.32_win_x64.msi.log	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\System32\InstallUtil.InstallLog	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIC998.tmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFE1EF213AB4B15E7B.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSI957D.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSI957D.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSI957D.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSI957D.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSI957D.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF1E7ADEA6E62D9FA1.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF55EB2CC3425FD98C.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFFD136A2343B2DC6B.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFFD136A2343B2DC6B.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFA4AB1E7FE9D71377.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Click to see the 105 entries

Memory Dumps

Source	Rule	Description	Author
00000039.00000002.2952874607.000001ADFB91F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2354573385.000001DCD88D0000.00000004.00000020.00040000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000034.00000002.2855793234.00000206A0E3F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2879114266.000002521B997000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2760893246.00000284E956E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2412488511.0000019080237000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000002.2821624873.000001F01948F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000034.00000002.2855793234.00000206A0E48000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2760893246.00000284E957C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000002.2886888877.000001F031A90000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2970797378.000001ADFD9F9000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002F.00000000.2620572865.0000027477D62000.00000002.00000001.01000000.00000028.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2412488511.0000019080209000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907AA9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000029.00000003.2578829905.000001D1FDC40000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2418789755.00000190F93A0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2748921844.0000027F6F5B0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907EDB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2745515250.000001CD672F0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2952874607.000001ADFB8E8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000005.00000002.2076672562.0000000005041000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2131297055.000001E201A42000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000029.00000002.2638898710.000001D1FDB2C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2933069437.0000024FC63B6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000011.00000002.2185549667.0000000004C41000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000013.00000002.2239054946.000001F399A30000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2762276165.000001CD675BF000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2417534448.00000190F9053000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000002.2820363756.000001F018CA0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2746641380.000001CD6731D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907DBD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2698224529.0000028480485000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAE0B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2569096756.000001A9204E5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2895950348.000002521BA85000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2694483826.000001CD4E425000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2748921844.0000027F6F623000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2921074159.0000024FC5EBA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002F.00000002.3286337377.0000027400062000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2732675066.0000027F6E500000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000002.2805553580.000001F018AC0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A90782E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2762901914.0000024FACE60000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003B.00000002.2722169194.00000291872E0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2879114266.000002521B9E0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FADEBB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD806F1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAE03E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2133638170.000001E27F670000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2762901914.0000024FACE9E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2355864450.000001DCD8CA0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002E.00000002.2632395203.00000204389A5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000015.00000002.2259374577.0000018323563000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001E.00000002.2332955481.000002A05A9F0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2952874607.000001ADFB964000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2357000469.000001DCD93A9000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000029.00000002.2638898710.000001D1FDB43000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAE088000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2701402484.000001CD4EA33000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2774262893.00000284EA500000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2701402484.000001CD4E9C1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD806BE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2567768051.000001A92047E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2698224529.0000028480632000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2701402484.000001CD4EFAB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2131297055.000001E201A76000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2133638170.000001E27F5E6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2771153244.0000024FAD100000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD80439000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2945196478.00000252349D7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2694483826.000001CD4E3E0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003B.00000002.2757395932.00000291A02D0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2896600166.000002521BC40000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000013.00000002.2240195040.000001F39A3E3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907BDC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000015.00000002.2259374577.0000018323573000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2762901914.0000024FACEE6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2748921844.0000027F6F606000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000000.2277452564.000001F0188B2000.00000002.00000001.01000000.0000001A.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FADB13000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000034.00000003.2806116888.00000206A0D70000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001C.00000002.2334594137.0000015681BDB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2698224529.0000028480245000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2944848489.0000025234976000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2879114266.000002521B995000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2901298634.000002521C31D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002E.00000002.2632395203.000002043893F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002E.00000002.2636285066.0000020438BC0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2566330920.000001A92008A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2757310614.000001CD674B7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2376302276.00007FF8A0099000.00000004.00000001.01000000.0000001C.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2701402484.000001CD4EA07000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2693599901.000001CD4E340000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2694483826.000001CD4E462000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2698224529.0000028480363000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2942674637.0000025234940000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD800E6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2567768051.000001A92043A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2901298634.000002521C0B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000013.00000002.2240195040.000001F39A3D3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002E.00000002.2632395203.0000020438920000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000013.00000002.2239875932.000001F39A1D2000.00000002.00000001.01000000.00000018.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2744316303.0000027F6E710000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000003.2656762957.000000000404B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2970445601.000001ADFD9E8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000013.00000002.2239054946.000001F399A78000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2133638170.000001E27F60C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2354693153.000001DCD89FC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2554366052.000001A907016000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAD70C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000015.00000002.2258664739.0000018322D1C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000015.00000002.2258664739.0000018322CCC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2363956600.000001DCF29C5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000015.00000002.2259374577.00000183234F1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2698224529.0000028480629000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000015.00000002.2258664739.0000018322C99000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2567768051.000001A92046E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD80291000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2419452759.00000190FA2C7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000005.00000002.2076672562.00000000050E4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2696231813.0000027F0023B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000015.00000002.2258664739.0000018322C90000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2901298634.000002521C32E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003B.00000002.2742395744.0000029187550000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907BFA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2423765558.00000190FA4BD000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD8051C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003B.00000002.2722169194.00000291873C0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2131297055.000001E201A8C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002E.00000002.2637452817.0000020439243000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2933069437.0000024FC6354000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001C.00000002.2334594137.0000015681BD0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000011.00000002.2185549667.0000000004CE4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000034.00000002.2855135925.00000206A0390000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000029.00000002.2638898710.000001D1FDB20000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2696231813.0000027F0022F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000013.00000002.2239576380.000001F399B70000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD803CD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003B.00000002.2745116449.0000029187D5E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000002.2886888877.000001F031B19000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2701402484.000001CD4EF63000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD806A7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2694483826.000001CD4E3FF000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000034.00000003.2853143706.00000206A037B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2422198804.00000190FA3C8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2952874607.000001ADFB8FB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002F.00000002.3286337377.0000027400001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2970114929.000001ADFD7D7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2696231813.0000027F00239000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2879114266.000002521BA42000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002B.00000002.2635451187.0000024036000000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2554366052.000001A906FCC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2732675066.0000027F6E58D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD806EB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2965428168.000001ADFC960000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2970203862.000001ADFD9D5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2780389507.00000284EA829000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAE144000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907A59000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2364494832.000001DCF2BF0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2776222572.00000284EA574000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907BF7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000013.00000002.2239054946.000001F399B05000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2131297055.000001E201999000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2960254708.000001ADFBBA0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2354693153.000001DCD8A32000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2879114266.000002521B970000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD80298000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000034.00000002.2855135925.00000206A0395000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000034.00000003.2853404465.00000206A038E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907AF2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2921074159.0000024FC5E70000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2357595267.000001DCD99F2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002E.00000002.2637452817.00000204391C1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD80667000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001C.00000002.2334594137.0000015681BF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2133163408.000001E21A4B0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000000.2625090760.00000284E9352000.00000002.00000001.01000000.00000029.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2921074159.0000024FC5E9D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000013.00000002.2239054946.000001F399A70000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2945196478.0000025234982000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2732675066.0000027F6E5CF000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000013.00000002.2239054946.000001F399ABC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2553981970.000001A906EC0000.00000004.00000020.00040000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555574617.000001A9072D0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2417534448.00000190F904D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003B.00000002.2743014013.00000291876B2000.00000002.00000001.01000000.00000032.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2933069437.0000024FC636D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003B.00000002.2745116449.0000029187C11000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2354693153.000001DCD8A3C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2131297055.000001E2019CA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000002.2805553580.000001F018B0A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2952874607.000001ADFB91B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2131297055.000001E2019C2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAD6A1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2554366052.000001A906F90000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2760893246.00000284E95B7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2421857675.00000190FA397000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD806B5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001C.00000002.2334684601.0000015681CD0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD80001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2696231813.0000027F0001E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2696231813.0000027F00237000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2694483826.000001CD4E41B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2972589705.000001ADFDBA7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907E8F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2698224529.000002848034A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2762619531.0000024FACE00000.00000004.00000020.00040000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000034.00000003.2853143706.00000206A0395000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAE082000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2698224529.000002848063C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2752382923.000000C390DB5000.00000004.00000010.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000013.00000000.2222107135.000001F3998A2000.00000002.00000001.01000000.00000016.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2133638170.000001E27F5E0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000029.00000002.2639146065.000001D1FDC20000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAE07B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2696231813.0000027F00170000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2701402484.000001CD4EFAE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2698224529.000002848062E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2933069437.0000024FC63C5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2876800438.000002521B950000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002F.00000002.3280691949.000000B0112F1000.00000004.00000010.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2412488511.0000019080001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2357000469.000001DCD9340000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FADF79000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002E.00000002.2632395203.0000020438928000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2698224529.0000028480218000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2412488511.000001908023B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2412488511.0000019080173000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002F.00000002.3286337377.000002740007F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000002.2886888877.000001F031B2A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2970886953.000001ADFD9FD000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2696231813.0000027F00020000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000002.2805553580.000001F018B02000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2696231813.0000027F00001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAE0A9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A9077C1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FADF51000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002E.00000002.2632395203.000002043895E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.3030901880.00007FF8A13D9000.00000004.00000001.01000000.0000001C.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2552517246.00000097EB0F5000.00000004.00000010.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000000.2663182188.0000027F6E2F2000.00000002.00000001.01000000.00000030.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2355757363.000001DCD8C72000.00000002.00000001.01000000.0000001D.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2732675066.0000027F6E50C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000000.2592799756.000002521B762000.00000002.00000001.01000000.00000027.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2760893246.00000284E954F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000015.00000002.2259208916.0000018322E60000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2698224529.000002848050F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAD9BF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2354693153.000001DCD8A7E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2363859046.000001DCF27C7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000034.00000003.2854093820.00000206A038A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000002.2821624873.000001F019311000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2133194920.000001E21A500000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2698224529.00000284803FA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2567768051.000001A920400000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001C.00000003.2270612319.0000015681CF0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2852389985.000001AD80287000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2357595267.000001DCD9451000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2921074159.0000024FC5F37000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2952426101.000001ADFB850000.00000004.00000020.00040000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2354693153.000001DCD89F0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003B.00000002.2722169194.00000291872EC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2762901914.0000024FACF34000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000034.00000002.2854984976.00000206A038B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2417534448.00000190F9097000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2698224529.000002848022C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2412488511.0000019080299000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907CA9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2965428168.000001ADFCA29000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003B.00000002.2722169194.0000029187368000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2134536514.00007FF848B34000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FADD3D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000015.00000002.2258664739.0000018322CAC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2133638170.000001E27F604000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2133638170.000001E27F62D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2364282339.000001DCF29D6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907B01000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2901298634.000002521C224000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2134145731.000001E27F980000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2770327397.00000284E9810000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2566330920.000001A920040000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2417534448.00000190F9010000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2952874607.000001ADFB8E0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003B.00000002.2722169194.0000029187321000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2133638170.000001E27F622000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000000.2096756526.000001E27F4A2000.00000002.00000001.01000000.0000000F.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000034.00000003.2853404465.00000206A0395000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAD9AE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2131297055.000001E20199C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2933069437.0000024FC6408000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FADDA7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2760893246.00000284E9530000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000037.00000002.2732675066.0000027F6E540000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2131297055.000001E2019C4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2760893246.00000284E9538000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000002.2821624873.000001F019388000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000002.2805553580.000001F018B4E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAD82F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000032.00000002.2698224529.0000028480001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001A.00000002.2412488511.0000019080094000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000D.00000002.2131297055.000001E201911000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2701402484.000001CD4EB92000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000013.00000002.2240195040.000001F39A361000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000002.2821624873.000001F019519000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: rundll32.exe PID: 6432	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: rundll32.exe PID: 5760	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: rundll32.exe PID: 4480	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AteraAgent.exe PID: 2608	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AteraAgent.exe PID: 5808	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: rundll32.exe PID: 7096	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageAgentInformation.exe PID: 7148	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageAgentInformation.exe PID: 5760	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AteraAgent.exe PID: 5312	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageAgentInformation.exe PID: 7084	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: cmd.exe PID: 3656	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: cscript.exe PID: 6408	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageSTRemote.exe PID: 5952	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageMonitoring.exe PID: 5784	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageAgentInformation.exe PID: 2604	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: cmd.exe PID: 1360	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: cscript.exe PID: 6436	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageUpgradeAgent.exe PID: 4368	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageUpgradeAgent.exe PID: 828	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageTicketing.exe PID: 1960	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageProgramManagement.exe PID: 5732	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: msiexec.exe PID: 1248	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: rundll32.exe PID: 5820	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageInternalPoller.exe PID: 6096	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageMonitoring.exe PID: 4536	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageHeartbeat.exe PID: 4456	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Click to see the 353 entries

Unpacked PEs

Source	Rule	Description	Author
23.2.AteraAgent.exe.24fadd93f58.1.raw.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
50.0.AgentPackageProgramManagement.exe.284e9350000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
19.0.AgentPackageAgentInformation.exe.1f3998a0000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
19.0.AgentPackageAgentInformation.exe.1f3998a0000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
19.2.AgentPackageAgentInformation.exe.1f39a1d0000.1.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
47.0.AgentPackageTicketing.exe.27477d60000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
13.0.AteraAgent.exe.1e27f4a0000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
44.0.AgentPackageUpgradeAgent.exe.2521b760000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
23.2.AteraAgent.exe.24fadb80da0.0.raw.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
55.0.AgentPackageInternalPoller.exe.27f6e2f0000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
34.0.AgentPackageMonitoring.exe.1dcd87e0000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
31.0.AgentPackageSTRemote.exe.1f0188b0000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
34.2.AgentPackageMonitoring.exe.1dcd8c70000.1.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
59.2.AgentPackageHeartbeat.exe.291876b0000.1.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
50.2.AgentPackageProgramManagement.exe.284ead20000.5.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Click to see the 10 entries

Sigma Signatures

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, CommandLine: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, CommandLine|base64offset|contains: r+, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3656, ParentProcessName: cmd.exe, ProcessCommandLine: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, ProcessId: 6408, ProcessName: cscript.exe

Sigma detected: Net.exe Execution

Source: Process started

Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding D6F3D03429785CC702A8D4B77C4A048E E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6552, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 6524, ProcessName: net.exe

Sigma detected: Stop Windows Service Via Net.EXE

Source: Process started

Author: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding D6F3D03429785CC702A8D4B77C4A048E E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6552, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 6524, ProcessName: net.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k smphost, CommandLine: C:\Windows\System32\svchost.exe -k smphost, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k smphost, ProcessId: 528, ProcessName: svchost.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

ReversingLabs: Detection: 26%

Multi AV Scanner detection for submitted file

Source: setup_north_west_arctic_borrough.msi

ReversingLabs: Detection: 21%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 96.1% probability

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF14BC0 CryptAcquireContextW,GetLastError,CryptReleaseContext,CryptReleaseContext,CryptReleaseContext,	34_2_00007FF89FF14BC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF14DE0 CryptReleaseContext,	34_2_00007FF89FF14DE0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF14E20 CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptEncrypt,GetLastError,CryptDecrypt,GetLastError,CryptDestroyKey,CryptDestroyHash,	34_2_00007FF89FF14E20

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe.config	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebHeaderCollection.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-fibers-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Buffers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.Expressions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.Specialized.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Windows.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Resources.Reader.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Overlapped.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\coreclr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Metadata.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Memory.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Handles.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XDocument.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\msquic.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.HttpListener.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.NETCore.App.deps.json	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.ZipFile.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\ucrtbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.Native.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebSockets.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Web.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.FileSystem.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebProxy.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.Linq.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.OpenSsl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.Brotli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebSockets.Client.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ValueTuple.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.DiaSymReader.Native.amd64.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Timer.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Transactions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Algorithms.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.MemoryMappedFiles.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.DispatchProxy.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.TypeConverter.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\createdump.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.StackTrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.ServicePoint.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.IsolatedStorage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.NetworkInformation.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.Immutable.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.Uri.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Configuration.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.Queryable.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Drawing.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebClient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Data.DataSetExtensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.VisualBasic.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.Parallel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Requests.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Tools.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.AppContext.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Sockets.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.NonGeneric.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Web.HttpUtility.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.Parallel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Debug.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscorlib.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XPath.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Data.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.Concurrent.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.Win32.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Principal.Windows.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.TextWriterTraceListener.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\netstandard.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.Watcher.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XPath.XDocument.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.NameResolution.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Globalization.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encodings.Web.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Http.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Drawing.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Xml.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.AccessControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.DataAnnotations.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encoding.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Principal.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.EventBasedAsync.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.RegularExpressions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Numerics.Vectors.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Dynamic.Runtime.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.Win32.Registry.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Claims.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.Xml.Linq.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\hostpolicy.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Resources.Writer.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Csp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.TraceSource.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.InteropServices.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.DataContractSerialization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Mail.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscordbi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Http.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.TypeExtensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.AccessControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.X509Certificates.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XmlSerializer.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Thread.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.DriveInfo.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscordaccore_amd64_amd64_6.0.3224.31407.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Process.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.ReaderWriter.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Loader.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Data.Common.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Intrinsics.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ObjectModel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Resources.ResourceManager.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Numerics.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Pipes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XmlDocument.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Emit.ILGeneration.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.Serialization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.CompilerServices.VisualC.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.UnmanagedMemoryStream.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Formats.Asn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Channels.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Quic.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.Dataflow.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Security.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Transactions.Local.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Console.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.VisualBasic.Core.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Formatters.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Tracing.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\dbgshim.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\WindowsBase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\clrjit.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-datetime-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Cng.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Globalization.Calendars.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Core.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscordaccore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-console-l1-2-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.NETCore.App.runtimeconfig.json	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\clretwrc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.CompilerServices.Unsafe.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ServiceModel.Web.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.SecureString.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.CSharp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Numerics.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Encoding.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.FileVersionInfo.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Contracts.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encoding.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscorrc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.Xml.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Ping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ServiceProcess.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Pipes.AccessControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.Annotations.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.DiagnosticSource.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.ThreadPool.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.CoreLib.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Globalization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Emit.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encoding.CodePages.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\.version	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-console-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Emit.Lightweight.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\host	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\host\fxr	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\host\fxr\6.0.32	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\host\fxr\6.0.32\hostfxr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\dotnet.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\LICENSE.txt	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\ThirdPartyNotices.txt	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}

Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\TEMP\AteraSetupLog.txt

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\LICENSE.txt	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\LICENSE.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7zip.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\checksum.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\shimgen.license.txt

Source:	Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.00000252349D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.FileSystem.Primitives\net6.0-Release\System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.1.dr
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000013.00000002.2239875932.000001F39A1D2000.00000002.00000001.01000000.00000018.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2769151325.00000284E97D6000.00000002.00000001.01000000.0000003A.sdmp, AgentPackageHeartbeat.exe, 0000003B.00000002.2743014013.00000291876B2000.00000002.00000001.01000000.00000032.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.0000025234982000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002C.00000000.2592799756.000002521B762000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2356080768.000001DCD8E42000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentCommunication.Models\obj\Release\net45\Atera.AgentCommunication.Models.pdbSHA256G source: AgentPackageInternalPoller.exe, 00000037.00000002.2746141235.0000027F6F3F2000.00000002.00000001.01000000.00000035.sdmp
Source:	Binary string: \??\C:\Windows\exe\AgentPackageUpgradeAgent.pdb5i source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.00000252349D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdb source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\LiorKovarsky\Downloads\sharpsnmplib-11.3.0\sharpsnmplib-11.3.0\SharpSnmpLib\obj\Release\net45\win\SharpSnmpLib.pdbSHA256 source: AgentPackageInternalPoller.exe, 00000037.00000002.2746621117.0000027F6F492000.00000002.00000001.01000000.00000037.sdmp
Source:	Binary string: D:\A\_work\39\s\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net45\System.Runtime.InteropServices.RuntimeInformation.pdb source: System.Runtime.InteropServices.RuntimeInformation.dll0.23.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Data.Common\net6.0-Release\System.Data.Common.pdb source: System.Data.Common.dll.1.dr
Source:	Binary string: \??\C:\Windows\exe\AgentPackageUpgradeAgent.pdbces source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.00000252349D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source:	Binary string: System.Private.DataContractSerialization.ni.pdb source: System.Private.DataContractSerialization.dll.1.dr
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000E.00000002.2570995304.000001A9207B2000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.DriveInfo\4.0.2.0\System.IO.FileSystem.DriveInfo.pdb source: System.IO.FileSystem.DriveInfo.dll.23.dr
Source:	Binary string: D:\a\1\s\AgentPackageProgramManagement\AgentPackageProgramManagement\obj\Release\AgentPackageProgramManagement.pdb source: AgentPackageProgramManagement.exe, 00000032.00000000.2625090760.00000284E9352000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageProgramManagement\ThirdPartyPackageManager\obj\Release\ThirdPartyPackageManager.pdb source: AgentPackageProgramManagement.exe, 00000032.00000002.2768567340.00000284E9792000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2356796575.000001DCD92A2000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000000.2222107135.000001F3998A2000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000404B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: symbols\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\net6.0-Release\System.Reflection.Primitives.pdb8+N+ @+_CorDllMainmscoree.dll source: System.Reflection.Primitives.dll.1.dr
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2897146553.000002521C012000.00000002.00000001.01000000.00000040.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: setup_north_west_arctic_borrough.msi
Source:	Binary string: D:\a\1\s\AgentPackageHeartbeat\AgentPackageHeartbeat\obj\Release\AgentPackageHeartbeat.pdb source: AgentPackageHeartbeat.exe, 0000003B.00000000.2677633669.0000029187152000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: c:\borrar\EmptyDll\Release\EmptyDll.pdb source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp
Source:	Binary string: C:\buildAgent\work\1b72bc6dac87fa71\code_drop\merge\chocolatey.pdb source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000404B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdbSHA256`{f source: AgentPackageMonitoring.exe, 00000022.00000002.2356080768.000001DCD8E42000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit\net6.0-Release\System.Reflection.Emit.pdb source: System.Reflection.Emit.dll.1.dr
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000013.00000002.2239875932.000001F39A1D2000.00000002.00000001.01000000.00000018.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2769151325.00000284E97D6000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: /_/artifacts/obj/System.Private.DataContractSerialization/net6.0-Release/System.Private.DataContractSerialization.pdb source: System.Private.DataContractSerialization.dll.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\net6.0-Release\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.1.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: PC:\Windows\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XPath\4.0.3.0\System.Xml.XPath.pdb source: System.Xml.XPath.dll.23.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdbcccGCTL source: AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.0000025234982000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Primitives/netfx\System.Runtime.Serialization.Primitives.pdb source: System.Runtime.Serialization.Primitives.dll.23.dr
Source:	Binary string: System.Security.Cryptography.Cng.ni.pdb source: System.Security.Cryptography.Cng.dll.1.dr
Source:	Binary string: C:\dev\sqlite\dotnet-private\bin\2012\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2376105980.00007FF8A005A000.00000002.00000001.01000000.0000001C.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.3029941288.00007FF8A13BC000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\net6.0-windows-Release\Microsoft.CSharp.pdb source: Microsoft.CSharp.dll.1.dr
Source:	Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2362128465.000001DCF1B82000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ComponentModel.TypeConverter\4.1.2.0\System.ComponentModel.TypeConverter.pdb source: System.ComponentModel.TypeConverter.dll.23.dr
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdbSHA256 source: System.Memory.dll.23.dr
Source:	Binary string: System.Threading.Tasks.Dataflow.ni.pdb source: System.Threading.Tasks.Dataflow.dll.1.dr
Source:	Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdbSHA256 source: AgentPackageMonitoring.exe, 00000022.00000002.2356796575.000001DCD92A2000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: Microsoft.CSharp.ni.pdb source: Microsoft.CSharp.dll.1.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000D.00000000.2096756526.000001E27F4A2000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdbp+ source: AgentPackageMonitoring.exe, 00000022.00000002.2362128465.000001DCF1B82000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Cryptography.Cng\net6.0-windows-Release\System.Security.Cryptography.Cng.pdb source: System.Security.Cryptography.Cng.dll.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.IsolatedStorage\net6.0-windows-Release\System.IO.IsolatedStorage.pdb source: System.IO.IsolatedStorage.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Xml.XPath.XDocument/netfx\System.Xml.XPath.XDocument.pdb source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000404B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb source: AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000D.00000000.2096756526.000001E27F4A2000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageSystemTools\RunScriptAsUser\obj\Release\RunScriptAsUser.pdb source: RunScriptAsUser.exe.23.dr
Source:	Binary string: E:\A\_work\533\obj\Microsoft.ApplicationInsights\Release\src\Microsoft.ApplicationInsights\net45\Microsoft.ApplicationInsights.pdb source: Microsoft.ApplicationInsights.dll.14.dr
Source:	Binary string: D:\a\1\s\AgentPackageInternalPoller\AgentPackageInternalPoller\obj\Release\AgentPackageInternalPoller.pdb source: AgentPackageInternalPoller.exe, 00000037.00000000.2663182188.0000027F6E2F2000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000E.00000002.2570995304.000001A9207B2000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Dataflow\net6.0-Release\System.Threading.Tasks.Dataflow.pdb source: System.Threading.Tasks.Dataflow.dll.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2363122875.000001DCF1CD2000.00000002.00000001.01000000.00000024.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\code\dapper-dot-net\Dapper\bin\Release\net45\Dapper.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2361719442.000001DCF1B42000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256d source: AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: System.IO.IsolatedStorage.ni.pdb source: System.IO.IsolatedStorage.dll.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\net6.0-Release\System.Xml.XDocument.pdbt+ source: System.Xml.XDocument.dll.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2239984972.000001F39A262000.00000002.00000001.01000000.00000019.sdmp, AgentPackageUpgradeAgent.exe, 0000002E.00000002.2640268381.0000020451950000.00000002.00000001.01000000.0000002B.sdmp
Source:	Binary string: ]c:\borrar\EmptyDll\Release\EmptyDll.pdb source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdbSHA256~ source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\net6.0-Release\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2239984972.000001F39A262000.00000002.00000001.01000000.00000019.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2363122875.000001DCF1CD2000.00000002.00000001.01000000.00000024.sdmp, AgentPackageUpgradeAgent.exe, 0000002E.00000002.2640268381.0000020451950000.00000002.00000001.01000000.0000002B.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2897146553.000002521C012000.00000002.00000001.01000000.00000040.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageOsUpdates\AgentPackageOsUpdates\obj\Release\AgentPackageOsUpdates.pdb source: AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageMonitoring\AgentPackageMonitoring\obj\Release\AgentPackageMonitoring.pdbr source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageMonitoring\AgentPackageMonitoring\obj\Release\AgentPackageMonitoring.pdb source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\Users\LiorKovarsky\Downloads\sharpsnmplib-11.3.0\sharpsnmplib-11.3.0\SharpSnmpLib\obj\Release\net45\win\SharpSnmpLib.pdb source: AgentPackageInternalPoller.exe, 00000037.00000002.2746621117.0000027F6F492000.00000002.00000001.01000000.00000037.sdmp
Source:	Binary string: AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb4X source: AgentPackageHeartbeat.exe, 0000003B.00000002.2743014013.00000291876B2000.00000002.00000001.01000000.00000032.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdbdeAgent.pdbR source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: pC:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\533\obj\Microsoft.ApplicationInsights\Release\src\Microsoft.ApplicationInsights\net45\Microsoft.ApplicationInsights.pdbCW source: Microsoft.ApplicationInsights.dll.14.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000D.00000002.2134028692.000001E27F852000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll0.1.dr
Source:	Binary string: C:\Windows\AgentPackageUpgradeAgent.pdbpdbent.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.00000252349D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000D.00000002.2134028692.000001E27F852000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll0.1.dr
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdb source: System.Memory.dll.23.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: setup_north_west_arctic_borrough.msi
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Dataflow\net6.0-Release\System.Threading.Tasks.Dataflow.pdbRSDS source: System.Threading.Tasks.Dataflow.dll.1.dr
Source:	Binary string: System.Data.Common.ni.pdb source: System.Data.Common.dll.1.dr
Source:	Binary string: t.pdbO source: AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5F55000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentCommunication.Models\obj\Release\net45\Atera.AgentCommunication.Models.pdb source: AgentPackageInternalPoller.exe, 00000037.00000002.2746141235.0000027F6F3F2000.00000002.00000001.01000000.00000035.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageTicketing\AgentPackageTicketing\obj\Release\AgentPackageTicketing.pdb source: AgentPackageTicketing.exe, 0000002F.00000000.2620572865.0000027477D62000.00000002.00000001.01000000.00000028.sdmp

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\cscript.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-CheckSumValid.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Format-FileSize.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariableNames.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariable.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyUnzip.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyWebFile.ps1

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848AA1FFFh	13_2_00007FF848AA1EB6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848AA1FFFh	13_2_00007FF848AA1EA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848AA1FFFh	13_2_00007FF848AA1E7E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848AA1873h	13_2_00007FF848AA184E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848AA1A44h	13_2_00007FF848AA184E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848AA1873h	13_2_00007FF848AA0C1D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848AA1A44h	13_2_00007FF848AA0C1D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848AA1FFFh	13_2_00007FF848AA0C1D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848AA227Bh	13_2_00007FF848AA0C1D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848AA7B72h	14_2_00007FF848AA7921
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848A94ECBh	14_2_00007FF848A94C41
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848AA7B72h	14_2_00007FF848AA7895
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848A94ECBh	14_2_00007FF848A94DC8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848A91FFFh	14_2_00007FF848A91EB6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848A91873h	14_2_00007FF848A90C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848A91A44h	14_2_00007FF848A90C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848A91FFFh	14_2_00007FF848A90C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848A9227Bh	14_2_00007FF848A90C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848A84ECBh	23_2_00007FF848A84E6B
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848A8227Bh	23_2_00007FF848A82258
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848CA2C70h	23_2_00007FF848CA2A8B
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FF848CA45E9h	23_2_00007FF848CA4547

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe

Network Connect: 40.119.152.241 443

Yara detected Generic Downloader

Source: Yara match	File source: 19.0.AgentPackageAgentInformation.exe.1f3998a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 50.2.AgentPackageProgramManagement.exe.284ead20000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\netstandard.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll, type: DROPPED

Source: Joe Sandbox View	IP Address: 40.119.152.241 40.119.152.241
Source: Joe Sandbox View	IP Address: 93.184.221.240 93.184.221.240
Source: Joe Sandbox View	IP Address: 35.157.63.227 35.157.63.227

Source: Joe Sandbox View

ASN Name: MICROSOFT-CORP-MSN-AS-BLOCKUS MICROSOFT-CORP-MSN-AS-BLOCKUS

Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADDA7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENT.PACKAGE.WATCHDOG/1.5/AGENT.PACKAGE.WATCHDOG.ZIP
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEADREMOTE/6.0/AGENTPACKAGEADREMOTE.ZIP
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEHEARTBEAT/17.14/AGENTPACKAGEHEARTBEAT.ZIP
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD82F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEINTERNALPOLLER/23.8/AGENTPACKAGEINTERNALPOLLER.Z
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD9BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEMARKETPLACE/1.6/AGENTPACKAGEMARKETPLACE.ZIP
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907DBD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A59000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEMONITORING/36.9/AGENTPACKAGEMONITORING.ZIP
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD82F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEOSUPDATES/19.9/AGENTPACKAGEOSUPDATES.ZIP
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD82F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEPROGRAMMANAGEMENT/24.9/AGENTPACKAGEPROGRAMMANAGE
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGERUNTIMEINSTALLER/1.6/AGENTPACKAGERUNTIMEINSTALLE
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGESTREMOTE/23.4/AGENTPACKAGESTREMOTE.ZIP
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGESYSTEMTOOLS/26.8/AGENTPACKAGESYSTEMTOOLS.ZIP
Source: AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F019469000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a6dc35606b2c6816e.awsglobalaccelerator.com
Source: AteraAgent.exe, 0000000D.00000000.2096756526.000001E27F4A2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A9077C1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD6A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://acontrol.atera.com/
Source: AteraAgent.exe, 0000000E.00000002.2569096756.000001A9205CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?
Source: AteraAgent.exe, 0000000E.00000002.2569096756.000001A9205CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0
Source: rundll32.exe, 00000005.00000002.2076672562.0000000005105000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AFB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907CA9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B01000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004D05000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2240195040.000001F39A48F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080209000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080252000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080173000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD99C3000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EF63000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.00000284805E1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 00000037.00000002.2696231813.0000027F00127000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD804BC000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8039D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://agent-api.atera.com
Source: rundll32.exe, 00000005.00000002.2076672562.0000000005105000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AFB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907CA9000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004D05000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2240195040.000001F39A48F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080209000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080252000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080173000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD99C3000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EF63000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.00000284805E1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 00000037.00000002.2696231813.0000027F00127000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD804BC000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8039D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
Source: AgentPackageHeartbeat.exe, 0000003B.00000002.2745116449.0000029187D2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://atera-agent-heartbeat.servicebus.windows.net
Source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2901298634.000002521C1E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://blob.ams08prdstr06a.store.core.windows.net
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2566330920.000001A920040000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE088000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5E9D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC636D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF79000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907BFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AF2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E8F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADEBB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2133194920.000001E21A500000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907EDB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AA9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204E5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A920455000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9205B6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A920400000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC63D3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5EBA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE03E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE088000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A920455000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9205B6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2566330920.000001A920040000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE088000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF79000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F019508000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: AteraAgent.exe, 0000000E.00000002.2567768051.000001A92046E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A92047E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2566330920.000001A92008A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A92043A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2240859908.000001F3B2AD6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5EBA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE088000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5E9D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crtN
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
Source: AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6354000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digk
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://cdn.rubyinstaller.org/archives/devkits/DevKit-mingw64-32-4.7.2-20130224-1151-sfx.exe
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://cdn.rubyinstaller.org/archives/devkits/DevKit-mingw64-64-4.7.2-20130224-1432-sfx.exe
Source: AteraAgent.exe, 0000000E.00000002.2570545490.000001A9205F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ssc.lt/root-a/cacrl.crl0
Source: AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5E70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicei
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A2AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/3
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2566330920.000001A920040000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE088000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5E9D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC636D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF79000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A2C0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A296000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2133194920.000001E21A500000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2133194920.000001E21A500000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907EDB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AA9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204E5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907BFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AF2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A920455000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E8F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9205B6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A920400000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC63D3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5EBA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A264000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlX
Source: AteraAgent.exe, 0000000E.00000002.2566330920.000001A92008A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlhttp://crl4.digicert.co
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A920455000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9205B6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2566330920.000001A920040000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE088000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6354000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF79000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F019487000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.2886888877.000001F031AB7000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2364494832.000001DCF2BF0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2762276165.000001CD675B6000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2765628198.000001CD675F0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2762276165.000001CD675AD000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000002B.00000003.2633253533.000002403606E000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000002B.00000003.2631461994.000002403603B000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000002B.00000003.2628732550.000002403603A000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000002B.00000002.2636000233.000002403606E000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002C.00000002.2901298634.000002521C210000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002C.00000002.2944848489.0000025234976000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002C.00000002.2901298634.000002521C20C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002C.00000002.2879114266.000002521BA42000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.0000025234982000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2780389507.00000284EA829000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 00000037.00000002.2748921844.0000027F6F5B0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2972589705.000001ADFDB20000.00000004.00000020.00020000.00000000.sdmp, AgentPackageHeartbeat.exe, 0000003B.00000002.2760488301.00000291A03AA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageHeartbeat.exe, 0000003B.00000002.2760488301.00000291A0370000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlL
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A2C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crla
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A264000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlq
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A2C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlrlCache
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A2AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AteraAgent.exe, 0000000D.00000002.2133194920.000001E21A500000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907BFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AF2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E8F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADEBB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2133194920.000001E21A500000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907EDB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AA9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204E5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A920455000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9205B6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A920400000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC63D3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5EBA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE03E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE088000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A2C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl=
Source: AteraAgent.exe, 0000000D.00000002.2133194920.000001E21A4F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlC
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A2C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlk
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A2C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlche
Source: AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: AteraAgent.exe, 0000000E.00000002.2567768051.000001A920400000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F0194AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://d17kmd0va0f0mp.cloudfront.net
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907DBD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE07F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://d25btwd9wax8gu.cloudfront.net
Source: AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000000.2222107135.000001F3998A2000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe
Source: AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F0194AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://download.splashtop.com
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://download.sysinternals.com/Files/SysinternalsSuite.zip
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://download.sysinternals.com/Files/SysinternalsSuitex64.zip
Source: rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/json
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://learn-powershell.net/2013/02/08/powershell-and-events-object-events/
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2771666679.00000284EA3D2000.00000002.00000001.01000000.0000003B.sdmp	String found in binary or memory: http://logging.apache.org/log4net/release/faq.html#trouble-EventLog
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480245000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mirrors.kernel.org/sourceware/cygwin/
Source: AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F019469000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://my.splashtop.com
Source: AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/dummynamespace/
Source: AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/
Source: AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/3
Source: AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/5
Source: AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/ILogReceiverOneWayServer/ProcessLogMessages
Source: AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesResponsep
Source: AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesT
Source: AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/T
Source: AgentPackageHeartbeat.exe, 0000003B.00000002.2745116449.0000029187D2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ns-prod-am3-az501.westeurope.cloudapp.azure.com
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://nsis.sourceforge.net/Docs/AppendixD.html
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digice
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A264000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A264000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/l
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2133194920.000001E21A500000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907EDB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AA9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204E5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907BFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AF2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A920455000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E8F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9205B6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A920400000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC63D3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5EBA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A92047E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2566330920.000001A92008A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A92043A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2240859908.000001F3B2AD6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5EBA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE088000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5E9D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2566330920.000001A920040000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE088000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5E70000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5E9D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC636D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF79000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://ocsp.digicert.com0K
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://ocsp.digicert.com0N
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://ocsp.digicert.com0O
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A920455000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9205B6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2566330920.000001A920040000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE088000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6354000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF79000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRS
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A264000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A24C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
Source: AteraAgent.exe, 0000000E.00000002.2554366052.000001A907016000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC636D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
Source: AteraAgent.exe, 0000000E.00000002.2567768051.000001A920400000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2901298634.000002521C1E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://packagesstore.blob.core.windows.net
Source: AteraAgent.exe, 0000000E.00000002.2571672429.000001A9208D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pki.registradores.org/normativa/index.htm0
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://poshcode.org/2513
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://poshcode.org/417
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://powershell.com/cs/blogs/tips/archive/2009/02/05/validating-a-url.aspx
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907DBD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAE07F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF79000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ps.atera.com
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E4E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ps.pndsn.com
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://pwnt.co
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://rawcdn.githack.com/
Source: AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: AteraAgent.exe, 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org
Source: AteraAgent.exe, 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp, System.Private.DataContractSerialization.dll.1.dr	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: System.Private.DataContractSerialization.dll.1.dr	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.Collections.GenericJ
Source: System.Private.DataContractSerialization.dll.1.dr	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.IO
Source: System.Private.DataContractSerialization.dll.1.dr	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.Runtime.Serialization
Source: AteraAgent.exe, 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
Source: System.Private.DataContractSerialization.dll.1.dr	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.Xml
Source: System.Private.DataContractSerialization.dll.1.dr	String found in binary or memory: http://schemas.datacontract.org/2004/07/SystemV
Source: System.Private.DataContractSerialization.dll.1.dr	String found in binary or memory: http://schemas.datacontract.org/2004/07/SystemY
Source: System.Private.DataContractSerialization.dll.1.dr	String found in binary or memory: http://schemas.datacontract.org/2004/07/dhttp://schemas.datacontract.org/2004/07/System.XmlRhttp://w
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: rundll32.exe, 00000005.00000002.2076672562.0000000005041000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2076672562.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A9077C1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004C41000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004CE4000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2240195040.000001F39A3E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD6A1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.000001908023B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F019388000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EB92000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002C.00000002.2901298634.000002521C0B1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageTicketing.exe, 0000002F.00000002.3286337377.0000027400001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 00000037.00000002.2696231813.0000027F00020000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD80298000.00000004.00000800.00020000.00000000.sdmp, AgentPackageHeartbeat.exe, 0000003B.00000002.2745116449.0000029187C11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.000002848063C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://somehwere/something.exe
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://somewhere.com/downloads/Install-WindowsImage.ps1
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://somewhere.com/downloads/Install-WindowsImagex64.ps1
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://somewhere123zzaafasd.invalid
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://somewhere123zzaafasd.invalidUAttempting
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://stackoverflow.com/a/13571471/18475
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAF31000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://stackoverflow.com/a/15281070/18475
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://stackoverflow.com/questions/265339/whats-the-best-way-to-automate-secure-ftp-in-powershell
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://stackoverflow.com/questions/518181/too-many-automatic-redirections-were-attempted-error-messa
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAF31000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://stanislavs.org/stopping-command-line-applications-programatically-with-ctrl-c-events-from-net
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://stexbar.googlecode.com/files/StExBar-1.8.3.msi
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://stexbar.googlecode.com/files/StExBar64-1.8.3.msi
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: http://wixtoolset.org
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000404B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000404B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/news/
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000404B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/releases/
Source: AgentPackageMonitoring.exe, 00000022.00000002.2356612395.000001DCD9252000.00000002.00000001.01000000.0000001F.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD800E6000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.abit.com.tw/
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: AteraAgent.exe, 0000000E.00000002.2567768051.000001A92047E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3TS.crl0
Source: AteraAgent.exe, 0000000E.00000002.2566330920.000001A920040000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-int0
Source: AteraAgent.exe, 0000000E.00000002.2566330920.000001A920040000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-std0
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907BFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AF2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E8F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADEBB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2133194920.000001E21A500000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907EDB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AA9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204E5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A920455000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9205B6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC63D3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5EBA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://www.gnu.org/
Source: AteraAgent.exe, 0000000E.00000002.2571672429.000001A9208B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://www.jeremyskinner.co.uk/2010/03/07/using-git-with-windows-powershell/
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupexitcodes
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.nlog-project.org/schemas/NLog.xsd
Source: AteraAgent.exe, 0000000E.00000002.2569096756.000001A9205B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_21_1.pdf0:
Source: AteraAgent.exe, 0000000E.00000002.2570545490.000001A9205F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G20
Source: AteraAgent.exe, 0000000E.00000002.2570545490.000001A9205F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ssc.lt/cps03
Source: AteraAgent.exe, 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.o
Source: AteraAgent.exe, 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.oh
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480485000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480245000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480218000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.00000284803FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.or
Source: AgentPackageHeartbeat.exe, 0000003B.00000000.2677633669.0000029187152000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://1.servicebus.windows.net/
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080299000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.000001908023B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.P
Source: rundll32.exe, 00000005.00000002.2076672562.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004CE4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.aterD
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2076672562.0000000005041000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2076672562.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AFB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A9077C1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907CA9000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004C41000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004CE4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2240195040.000001F39A3E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD6A1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080209000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080173000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.000001908023B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EB92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2076672562.0000000005041000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2076672562.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004C41000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004CE4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2762276165.000001CD675BF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000404B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080299000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Prh
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Pro
Source: AgentPackageAgentInformation.exe, 00000013.00000002.2240195040.000001F39A3E3000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080209000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080173000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EB92000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.000002848050F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2076672562.0000000005041000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2076672562.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E4E000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004C41000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004CE4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000404B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E4E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/Acknowl
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A59000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E4E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907CA9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting)
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandReportError
Source: AgentPackageAgentInformation.exe, 00000013.00000002.2240195040.000001F39A3E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResult
Source: AgentPackageTicketing.exe, 0000002F.00000002.3286337377.0000027400001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResultRecurring/AgentPackageTicketingInstallHelp
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A9077C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD729000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/Trace
Source: AgentPackageInternalPoller.exe, 00000037.00000002.2696231813.0000027F00020000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/agentMonitoredDevices/687399e7-85e9-4e3a-8465-e1cdfab81
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.000001908023B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/dynamic-fields/
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/dynamic-fields/script-based
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080299000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/guiComm
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080299000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080094000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/guiCommandResult
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080209000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080173000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EB92000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.000002848050F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/recurringCommandResult
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/thresholds/687399e7-85e9-4e3a-8465-e1cdfab81e34
Source: rundll32.exe, 00000005.00000002.2076672562.0000000005041000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2076672562.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004C41000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004CE4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event
Source: rundll32.exe, 00000005.00000002.2076672562.0000000005126000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004D26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event;
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD80298000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Alerts/AddAlertsFromAgent
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD80439000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/monitoring/v1/MonitoringPackage/AddAgentMetrics
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD80439000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/monitoring/v1/MonitoringPackage/AddAgentMetrics0
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E4E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.comh
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.comhr
Source: AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/dotnet-core-applaunch?
Source: AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/dotnet-core-applaunch?You
Source: AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/dotnet/app-launch-failed
Source: AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/dotnet/app-launch-failed&gui=trueShowing
Source: AgentPackageTicketing.exe, 0000002F.00000002.3286337377.000002740007F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.nuget.org/v3-flatcontainer/eo.webbrowser/24.1.46/eo.webbrowser.24.1.46.nupkg
Source: AgentPackageTicketing.exe, 0000002F.00000002.3286337377.000002740007F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.nuget.org0
Source: AgentPackageHeartbeat.exe, 0000003B.00000002.2745116449.0000029187D1E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageHeartbeat.exe, 0000003B.00000002.2745116449.0000029187C11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atera-agent-heartbeat.servicebus.windows.net
Source: AgentPackageHeartbeat.exe, 0000003B.00000002.2745116449.0000029187C11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atera-agent-heartbeat.servicebus.windows.net/
Source: AgentPackageHeartbeat.exe, 0000003B.00000002.2745116449.0000029187C11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atera-agent-heartbeat.servicebus.windows.net/agentheartbeat/messages
Source: AgentPackageHeartbeat.exe, 0000003B.00000002.2722169194.00000291873C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atera-agent-heartbeat.servicebus.windows.net/agentheartbeat/messagesx
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://bit.ly/1duJ9bM).
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://bit.ly/1g0R3Os).
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://bitbucket.org/jonforums/uru)
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://ch0.co/moderation
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://ch0.co/nexus2apikey).
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://ch0.co/packages_config
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://chocolatey.org).
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chocolatey.org/
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://chocolatey.org/9https://push.chocolatey.org/Chttps://community.chocolatey.org/Qhttps://commu
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.00000284803FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chocolatey.org/compare
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://chocolatey.org/compare.
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://chocolatey.org/comparekThis
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://chocolatey.org/contact.
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://community.chocolatey.org)
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.000002848022C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/.
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.000002848063C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/8
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.000002848050F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/P
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480485000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480363000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/h
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://community.chocolatey.org/packages)
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://community.chocolatey.org/packages).
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/autohotkey.portable
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/checksum)
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/checksum.
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/chocolatey-core.extension
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/pik)
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://community.chocolatey.org/packages?q=id%3A.extension
Source: Microsoft.ApplicationInsights.dll.14.dr	String found in binary or memory: https://dc.services.visualstudio.com/api/profiles/
Source: Microsoft.ApplicationInsights.dll.14.dr	String found in binary or memory: https://dc.services.visualstudio.com/v2/trackOStartRunnerEvent
Source: Microsoft.ApplicationInsights.dll.14.dr	String found in binary or memory: https://dc.services.visualstudio.com/v2/trackvhttps://dc.services.visualstudio.com/api/profiles/
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/choco/commands/uninstall
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480245000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/choco/setup#non-administrative-install
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/community-repository/community-packages-disclaimer
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/community-repository/moderation/
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/automatic-packages
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/automatic-packages#automatic-updater-au
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/automatic-packages)
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/create-packages
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/create-packages#how-do-i-exclude-executables-from-getting-s
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/create-packages#how-do-i-set-up-shims-for-applications-that
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/create-packages#package-icon-guidelines
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/get-chocolateyunzipp
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/get-chocolateywebfile
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/get-osarchitecturewidth
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/get-toolslocation
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-binfile
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateyenvironmentvariable
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateyfileassociation
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateyinstallpackage
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateypackage
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateypath
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateyshortcut
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateyvsixpackage
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateyzippackage
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/start-chocolateyprocessasadmin
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/uninstall-binfile
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/uninstall-chocolateyenvironmentvariable
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/uninstall-chocolateypackage
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/uninstall-chocolateyzippackage
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/features/extensions
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/features/private-cdn.
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/getting-started#overriding-default-install-directory-or-other-adva
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/guides/create/create-custom-package-templates
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/guides/create/mount-an-iso-in-chocolatey-package
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/guides/create/parse-packageparameters-argument
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/guides/create/parse-packageparameters-argument#step-3---use-core-c
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/information/legal.
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.chocolatey.org/en-us/troubleshooting
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.nuget.org/create/Nuspec-Reference.
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.nuget.org/create/versioning#creating-prerelease-packages
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://docs.nuget.org/create/versioning#specifying-version-ranges-in-.nuspec-files
Source: AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F01948F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://download.splashtop.com
Source: AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F01948F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F01948B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F019469000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://download.splashtop.com/csrs/Splashtop_Streamer_Win_DEPLOY_INSTALLER_v3.7.2.0.exe
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAF31000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://gist.github.com/jvshahid/6fb2f91fa7fb1db23599
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2239984972.000001F39A262000.00000002.00000001.01000000.00000019.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2363122875.000001DCF1CD2000.00000002.00000001.01000000.00000024.sdmp, AgentPackageUpgradeAgent.exe, 0000002E.00000002.2640268381.0000020451950000.00000002.00000001.01000000.0000002B.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://github.com/chocolatey/choco/blob/bfe351b7d10c798014efe4bfbb100b171db25099/src/chocolatey/inf
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://github.com/chocolatey/choco/issues/1800#issuecomment-484293844.
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://github.com/chocolatey/choco/issues/new/choose.
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://github.com/chocolatey/chocolatey
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://github.com/chocolatey/chocolatey-coreteampackages
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://github.com/chocolatey/chocolatey-test-environment
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://github.com/chocolatey/chocolatey-workshop
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://github.com/chocolatey/shimgen/tree/master/shim.
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://github.com/dahlbyk/posh-git
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://github.com/dahlbyk/posh-git/blob/1941da2472eb668cde2d6a5fc921d5043a024386/LICENSE.txt
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e3958
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e39588
Source: System.Memory.dll.23.dr	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
Source: System.Memory.dll.23.dr	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/roslyn/issues/46646
Source: System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Security.Cryptography.Cng.dll.1.dr, System.Reflection.Emit.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Private.DataContractSerialization.dll.1.dr, Microsoft.CSharp.dll.1.dr, System.Threading.Tasks.Dataflow.dll.1.dr, System.Reflection.Primitives.dll.1.dr	String found in binary or memory: https://github.com/dotnet/runtime
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/runtime/issues/73124.
Source: System.Threading.Tasks.Dataflow.dll.1.dr	String found in binary or memory: https://github.com/dotnet/runtimew
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://github.com/downloads/spraints/git-tfs/GitTfs-0.11.0.zip
Source: AteraAgent.exe, 0000000E.00000002.2570995304.000001A9207B2000.00000002.00000001.01000000.00000026.sdmp	String found in binary or memory: https://github.com/icsharpcode/SharpZipLib
Source: AgentPackageInternalPoller.exe, 00000037.00000002.2746621117.0000027F6F492000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: https://github.com/lextudio/sharpsnmplib.git
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://github.com/majkinetor/au-packages/commit/bf95d56fe5851ee2e4f6f15f79c1a2877a7950a1
Source: Microsoft.CSharp.dll.1.dr	String found in binary or memory: https://github.com/mono/linker/issues/1416.
Source: Microsoft.CSharp.dll.1.dr	String found in binary or memory: https://github.com/mono/linker/issues/1906.
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nlog/NLog/wiki/Configuration-file#variables
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nlog/NLog/wiki/Layout-Renderers
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nlog/NLog/wiki/Targets
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nlog/nlog/wiki/Configuration-file
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://licensedpackages.chocolatey.org/api/v2/
Source: AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F019464000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://my.splashtop.com
Source: AgentPackageSTRemote.exe, 0000001F.00000000.2277452564.000001F0188B2000.00000002.00000001.01000000.0000001A.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F019388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://my.splashtop.com/csrs/win
Source: AgentPackageMonitoring.exe, 00000022.00000002.2363008611.000001DCF1CC8000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://nlog-project.org/
Source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2901298634.000002521C0B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://packagesstore.blob.core.windows.net
Source: AgentPackageUpgradeAgent.exe, 0000002C.00000000.2592799756.000002521B762000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Agents/Mac/
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/BitDefender/rmm.zip
Source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2901298634.000002521C0B1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002C.00000000.2592799756.000002521B762000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric
Source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2901298634.000002521C0B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric/MSI/1.8.7.2/Setupx64.msi
Source: AgentPackageUpgradeAgent.exe, 0000002C.00000000.2592799756.000002521B762000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric/MacAgent/1.0/AteraAgentInstaller.pkgA/
Source: AgentPackageUpgradeAgent.exe, 0000002C.00000000.2592799756.000002521B762000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric5Get
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADDA7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.ateH
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.ateH:
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907DBD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.ateH:%
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF77000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.ateHX
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.ateHj4
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADDA7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/a
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/ag
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907BDC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90789A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90788E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A9078AA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgentI
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907CA9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageMonitoring/0.40/AgentPackageMonitoring.z
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90788E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageSTRemote/2.3/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907BDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageSTRemote/2.3/AgentPackageSTRemote.ziph
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.16/Agent.Package.Availability.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907892000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD76F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907BDC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90789A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90788E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A9078AA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageHeartbeat/17.11/AgentPackageHeartbeat.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageInternalPoller/13.0/AgentPackageInternalPoller.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/36.9/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/36.9/AgentPackageMonitoring.ziph
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907892000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD76F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscovery
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageOsUpdates/19.9/AgentPackageOsUpdates.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageProgramManagement/24.9/AgentPackageProgramManageme
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD76F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90788E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/23.4/AgentPackageSTRemote.ziph
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSystemTools/26.6/AgentPackageSystemTools.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907892000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD76F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTicketing/13.0/AgentPackageTicketing.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageUpgradeAgent/27.1/AgentPackageUpgradeAgent.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.z
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907892000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD76F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADDA7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.5/Agent.Package.Wat
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADDA7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip?ZHfN0q
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip?ZHfN0qm6B8
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907BDC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90789A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90788E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A9078AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/37.9/AgentPackageAgentInformati
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip?ZHfN0q
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD82F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.z
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD9BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip?ZHfN
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907DBD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/36.9/AgentPackageMoni
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/36.9/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907DBD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A59000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/36.9/AgentPackageMonitoring.zip?ZHfN0
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/36.9/AgentPackageMonitoring.ziph
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907892000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD76F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscove
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/19.9/AgentPackageOsUpdates.zip
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD82F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/19.9/AgentPackageOsUpdates.zip?ZHfN0qm
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD82F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageProgramManagement/24.9/AgentPackageProgramManage
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD76F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageRuntimeInstaller/1.6/AgentPackageRuntimeInstalle
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90788E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zip?ZHfN0qm6B
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.ziph
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/26.8/AgentPackageSystemTools.zip
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/26.8/AgentPackageSystemTools.zip?ZHf
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907892000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD76F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/29.5/AgentPackageTicketing.zip
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/29.5/AgentPackageTicketing.zip?ZHfN0qm
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/27.2/AgentPackageUpgradeAgent.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907892000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD76F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageADRemote/1.2/AgentPackageADRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907BDC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90789A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90788E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A9078AA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformation
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageHeartbeat/16.9/AgentPackageHeartbeat.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageInternalPoller/15.9/AgentPackageInternalPoller.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageMarketplace/13.0/AgentPackageMarketplace.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageMonitoring/22.0/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageMonitoring/22.0/AgentPackageMonitoring.zipP
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageNetworkDiscovery/15.0/AgentPackageNetworkDiscovery
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageOsUpdates/1.0/AgentPackageOsUpdates.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageProgramManagement/15.5/AgentPackageProgramManageme
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD76F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90788E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageSTRemote/16.0/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageSystemTools/18.9/AgentPackageSystemTools.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907892000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD76F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTaskScheduler/13.1/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTicketing/18.9/AgentPackageTicketing.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageUpgradeAgent/22.1/AgentPackageUpgradeAgent.zip
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageWindowsUpdate/18.3/AgentPackageWindowsUpdate.zip
Source: AgentPackageTicketing.exe, 0000002F.00000002.3286337377.000002740007F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/installers/EO.WebBrowser/eo.webbrowser.24.1.46.nupkgX
Source: AgentPackageSTRemote.exe, 0000001F.00000000.2277452564.000001F0188B2000.00000002.00000001.01000000.0000001A.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F019388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/installers/splashtop/win/SplashtopStreamer.exe
Source: AgentPackageSTRemote.exe, 0000001F.00000000.2277452564.000001F0188B2000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://ps.atera.com/installers/splashtop/win/SplashtopStreamer.exepUsers/Shared/Splashtop
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/p
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E4E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907CA9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A90784C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E4E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907CA9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD729000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A90784C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=07968007-8c0a-4296-a84d-958c3546d7f9
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=64ef405e-75c0-4362-afc6-b57a0ead3663
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8f1e91b8-fd97-42af-b4dc-8005990eaa32
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E4E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=950ffdd8-009b-4e25-a87f-8ae4ab93024b
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD729000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f01dc665-4d4b-4a5b-a127-a4ccd8710020
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD729000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-1
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/687399e7
Source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/687399e7-85e9-4e3a-8465
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://push.chocolatey.org
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://push.chocolatey.org/
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://raw.github.com/ferventcoder/checksum/master/LICENSE
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_config.gif
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_install.gif
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_outdated.gif
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_search.gif
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_uninstall.gif
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_upgrade.gif
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/chocopro_install_stopped.gif
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://sevenzip.osdn.jp/chm/general/formats.htm
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://somelocation.com/
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://somelocation.com/thefile.exe
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://somewhere.com/file-x64.msi
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://somewhere.com/file.msi
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://somewhere.com/file.mst
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://somewhere/bob-x64.exe
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://somewhere/bob.exe
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	String found in binary or memory: https://somewhere/out/there.msi
Source: AgentPackageMonitoring.exe, 00000022.00000002.2362128465.000001DCF1B82000.00000002.00000001.01000000.00000022.sdmp	String found in binary or memory: https://system.data.sqlite.org/
Source: AgentPackageMonitoring.exe, 00000022.00000002.2362377282.000001DCF1BE4000.00000002.00000001.01000000.00000022.sdmp	String found in binary or memory: https://system.data.sqlite.org/X
Source: AgentPackageMonitoring.exe, 00000022.00000002.2362128465.000001DCF1B82000.00000002.00000001.01000000.00000022.sdmp	String found in binary or memory: https://urn.to/r/sds_see
Source: AteraAgent.exe, 0000000E.00000002.2570733513.000001A9205FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.certicamara.com/marco-legal0Z
Source: AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.com/;LiveEndpoint=https://westeurope.livediagnosti
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	String found in binary or memory: https://www.digicert.com/CPS0
Source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480245000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.howsmyssl.com/
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.newtonsoft.com/json
Source: rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: AgentPackageMonitoring.exe, 00000022.00000002.2363008611.000001DCF1CC8000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.nuget.org/packages/NLog.Web.AspNetCore
Source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2239984972.000001F39A262000.00000002.00000001.01000000.00000019.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2363122875.000001DCF1CD2000.00000002.00000001.01000000.00000024.sdmp, AgentPackageUpgradeAgent.exe, 0000002E.00000002.2640268381.0000020451950000.00000002.00000001.01000000.0000002B.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: AgentPackageMonitoring.exe	String found in binary or memory: https://www.sqlite.org/copyright.html
Source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF79000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2376372509.00007FF8A00A4000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	String found in binary or memory: https://www.sqlite.org/copyright.html2

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security

Reads the System eventlog

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AteraAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f9474.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI957D.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI97E0.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA8D8.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB1B.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB1C.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB8B.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAC95.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f9476.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f9476.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBF53.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f9477.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI88A0.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI94C6.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI9F37.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAE8A.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAE9A.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAF47.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAF96.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC998.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICA06.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICAB3.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICB02.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f9483.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f9483.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICFA6.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f9484.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA30.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{3FDCF0A2-7C1F-41C7-9749-0D91EC216AED}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBE6.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f9487.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f9487.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2A7B.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2C61.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2EB4.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2F70.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f948a.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3136.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{667CB653-70E1-4E2B-9C8E-6A02A6CF88B9}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI31A5.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f948d.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f948d.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3280.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI338B.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3419.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI34C5.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f9490.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI364D.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{A09F8381-88C3-44C4-9DAB-AC44F4F4DB4B}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI369C.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f9493.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6f9493.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3853.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3A96.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3AF5.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3B44.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-\AlphaControlAgentInstallation.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-\System.Management.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-\CustomAction.config	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-\AlphaControlAgentInstallation.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-\System.Management.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-\CustomAction.config	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-\AlphaControlAgentInstallation.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-\Newtonsoft.Json.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-\System.Management.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-\CustomAction.config
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-\AlphaControlAgentInstallation.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-\Newtonsoft.Json.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-\System.Management.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-\CustomAction.config
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageSTRemote.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageMonitoring.exe.log
Source: C:\Windows\System32\wbem\WMIADAP.exe	File created: C:\Windows\system32\wbem\Performance\WmiApRpl_new.h
Source: C:\Windows\System32\wbem\WMIADAP.exe	File created: C:\Windows\system32\wbem\Performance\WmiApRpl_new.ini
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageUpgradeAgent.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageProgramManagement.exe.log
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI88A0.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI88A0.tmp-\AlphaControlAgentInstallation.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI88A0.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI88A0.tmp-\Newtonsoft.Json.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI88A0.tmp-\System.Management.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI88A0.tmp-\CustomAction.config
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageInternalPoller.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageHeartbeat.exe.log

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSI957D.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_074D71D0	5_3_074D71D0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_074D0040	5_3_074D0040
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_3_046450B8	6_3_046450B8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_3_046459A8	6_3_046459A8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_3_04644D68	6_3_04644D68
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FF848AAC922	13_2_00007FF848AAC922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FF848AABB76	13_2_00007FF848AABB76
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FF848AA0C1D	13_2_00007FF848AA0C1D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AA1CF0	14_2_00007FF848AA1CF0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AB0DD8	14_2_00007FF848AB0DD8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AB7F58	14_2_00007FF848AB7F58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AAD050	14_2_00007FF848AAD050
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AB6190	14_2_00007FF848AB6190
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AAC688	14_2_00007FF848AAC688
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AB38F0	14_2_00007FF848AB38F0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848A99AF2	14_2_00007FF848A99AF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AACBB8	14_2_00007FF848AACBB8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AAD100	14_2_00007FF848AAD100
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AA9F86	14_2_00007FF848AA9F86
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AB0F22	14_2_00007FF848AB0F22
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848CAE2FA	14_2_00007FF848CAE2FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848CAAC97	14_2_00007FF848CAAC97
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848CA6950	14_2_00007FF848CA6950
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848CA93FA	14_2_00007FF848CA93FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848CB0FF2	14_2_00007FF848CB0FF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848A90C58	14_2_00007FF848A90C58
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 17_3_04C17678	17_3_04C17678
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 17_3_04C10040	17_3_04C10040
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 19_2_00007FF848A77951	19_2_00007FF848A77951
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 19_2_00007FF848A7FA94	19_2_00007FF848A7FA94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 19_2_00007FF848A9047D	19_2_00007FF848A9047D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 19_2_00007FF848A78701	19_2_00007FF848A78701
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 19_2_00007FF848A8100A	19_2_00007FF848A8100A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 19_2_00007FF848A712FB	19_2_00007FF848A712FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 19_2_00007FF848A7BDB0	19_2_00007FF848A7BDB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 19_2_00007FF848A810C0	19_2_00007FF848A810C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FF848A712FB	21_2_00007FF848A712FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848A91DC8	23_2_00007FF848A91DC8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848A80D3D	23_2_00007FF848A80D3D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848A91A8B	23_2_00007FF848A91A8B
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848A91AB8	23_2_00007FF848A91AB8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848A99446	23_2_00007FF848A99446
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848A8A080	23_2_00007FF848A8A080
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848C99C2D	23_2_00007FF848C99C2D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848CA68B0	23_2_00007FF848CA68B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848CA6828	23_2_00007FF848CA6828
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848C9ACF8	23_2_00007FF848C9ACF8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848A98956	26_2_00007FF848A98956
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848AB4333	26_2_00007FF848AB4333
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848A912FA	26_2_00007FF848A912FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848A9C47F	26_2_00007FF848A9C47F
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848AA96F2	26_2_00007FF848AA96F2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848A99702	26_2_00007FF848A99702
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848A90730	26_2_00007FF848A90730
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AC19B0	31_2_00007FF848AC19B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AB52FA	31_2_00007FF848AB52FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AB8476	31_2_00007FF848AB8476
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AB15FD	31_2_00007FF848AB15FD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AB6F59	31_2_00007FF848AB6F59
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AA11F2	31_2_00007FF848AA11F2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848ABF1D3	31_2_00007FF848ABF1D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848ABF120	31_2_00007FF848ABF120
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AC1AA8	31_2_00007FF848AC1AA8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AC1A80	31_2_00007FF848AC1A80
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AC1A78	31_2_00007FF848AC1A78
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AA12DF	31_2_00007FF848AA12DF
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AA13F3	31_2_00007FF848AA13F3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AA6590	31_2_00007FF848AA6590
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AA0ED3	31_2_00007FF848AA0ED3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AA06D3	31_2_00007FF848AA06D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AA0740	31_2_00007FF848AA0740
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AA1080	31_2_00007FF848AA1080
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848ABF0C2	31_2_00007FF848ABF0C2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 31_2_00007FF848AA0838	31_2_00007FF848AA0838
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A00401E0	34_2_00007FF8A00401E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A0036960	34_2_00007FF8A0036960
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF8B880	34_2_00007FF89FF8B880
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A00320E0	34_2_00007FF8A00320E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF8C110	34_2_00007FF89FF8C110
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFBC220	34_2_00007FF89FFBC220
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF72240	34_2_00007FF89FF72240
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFA22B0	34_2_00007FF89FFA22B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFAA2F0	34_2_00007FF89FFAA2F0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFC8310	34_2_00007FF89FFC8310
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF22310	34_2_00007FF89FF22310
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF07EC0	34_2_00007FF89FF07EC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF20330	34_2_00007FF89FF20330
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF664A0	34_2_00007FF89FF664A0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF144DC	34_2_00007FF89FF144DC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF50510	34_2_00007FF89FF50510
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF0A524	34_2_00007FF89FF0A524
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF84550	34_2_00007FF89FF84550
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFBE590	34_2_00007FF89FFBE590
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFE6590	34_2_00007FF89FFE6590
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A003E5B0	34_2_00007FF8A003E5B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A00205D0	34_2_00007FF8A00205D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFBA5D0	34_2_00007FF89FFBA5D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF085D4	34_2_00007FF89FF085D4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF80600	34_2_00007FF89FF80600
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A003C680	34_2_00007FF8A003C680
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF1E720	34_2_00007FF89FF1E720
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF12738	34_2_00007FF89FF12738
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF9A7E0	34_2_00007FF89FF9A7E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF0E80C	34_2_00007FF89FF0E80C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFC6860	34_2_00007FF89FFC6860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF18860	34_2_00007FF89FF18860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF588A0	34_2_00007FF89FF588A0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFF6910	34_2_00007FF89FFF6910
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF5E990	34_2_00007FF89FF5E990
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF08A3C	34_2_00007FF89FF08A3C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF48A60	34_2_00007FF89FF48A60
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFCAA70	34_2_00007FF89FFCAA70
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF26A80	34_2_00007FF89FF26A80
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFEAB00	34_2_00007FF89FFEAB00
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF7CB50	34_2_00007FF89FF7CB50
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF58B90	34_2_00007FF89FF58B90
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFACC00	34_2_00007FF89FFACC00
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A0034C80	34_2_00007FF8A0034C80
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF16CC0	34_2_00007FF89FF16CC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF4ACD0	34_2_00007FF89FF4ACD0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF74D00	34_2_00007FF89FF74D00
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFC8D20	34_2_00007FF89FFC8D20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A0050D30	34_2_00007FF8A0050D30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF86D20	34_2_00007FF89FF86D20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF074B0	34_2_00007FF89FF074B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A003CD60	34_2_00007FF8A003CD60
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF03474	34_2_00007FF89FF03474
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF60E30	34_2_00007FF89FF60E30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF2CE70	34_2_00007FF89FF2CE70
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF0CEA8	34_2_00007FF89FF0CEA8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF12F8C	34_2_00007FF89FF12F8C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF4AFB0	34_2_00007FF89FF4AFB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF9EFD0	34_2_00007FF89FF9EFD0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF49020	34_2_00007FF89FF49020
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF011B0	34_2_00007FF89FF011B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A00350F0	34_2_00007FF8A00350F0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF99170	34_2_00007FF89FF99170
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF6F1B0	34_2_00007FF89FF6F1B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A0013200	34_2_00007FF8A0013200
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF7F220	34_2_00007FF89FF7F220
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF0D284	34_2_00007FF89FF0D284
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF0F340	34_2_00007FF89FF0F340
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF9D350	34_2_00007FF89FF9D350
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF9B370	34_2_00007FF89FF9B370
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF293D0	34_2_00007FF89FF293D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFDF3E0	34_2_00007FF89FFDF3E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF04DB4	34_2_00007FF89FF04DB4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF0955C	34_2_00007FF89FF0955C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF4F630	34_2_00007FF89FF4F630
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF0D634	34_2_00007FF89FF0D634
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF15640	34_2_00007FF89FF15640
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF6B647	34_2_00007FF89FF6B647
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFA1690	34_2_00007FF89FFA1690
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFF56D0	34_2_00007FF89FFF56D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF736E0	34_2_00007FF89FF736E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFA7720	34_2_00007FF89FFA7720
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF4D770	34_2_00007FF89FF4D770
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A004F790	34_2_00007FF8A004F790
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF5F780	34_2_00007FF89FF5F780
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF1D830	34_2_00007FF89FF1D830
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A0051840	34_2_00007FF8A0051840
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF618DA	34_2_00007FF89FF618DA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF2D910	34_2_00007FF89FF2D910
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF028C0	34_2_00007FF89FF028C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF6B9F0	34_2_00007FF89FF6B9F0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFB7A60	34_2_00007FF89FFB7A60
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF39A60	34_2_00007FF89FF39A60
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF35AD0	34_2_00007FF89FF35AD0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFA3AF0	34_2_00007FF89FFA3AF0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF67B30	34_2_00007FF89FF67B30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFEDB80	34_2_00007FF89FFEDB80
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF49BA0	34_2_00007FF89FF49BA0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF2BBE0	34_2_00007FF89FF2BBE0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF8A0043C20	34_2_00007FF8A0043C20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFDDCC0	34_2_00007FF89FFDDCC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFEBCD0	34_2_00007FF89FFEBCD0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF49CF0	34_2_00007FF89FF49CF0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFD7D20	34_2_00007FF89FFD7D20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF33E10	34_2_00007FF89FF33E10
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF15E50	34_2_00007FF89FF15E50
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF47E70	34_2_00007FF89FF47E70
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFA7EA0	34_2_00007FF89FFA7EA0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFB5EA0	34_2_00007FF89FFB5EA0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF83EB0	34_2_00007FF89FF83EB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF9FED0	34_2_00007FF89FF9FED0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF5FEF0	34_2_00007FF89FF5FEF0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF95F20	34_2_00007FF89FF95F20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF17F30	34_2_00007FF89FF17F30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF39F30	34_2_00007FF89FF39F30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FFA40A0	34_2_00007FF89FFA40A0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF89FF9A0C0	34_2_00007FF89FF9A0C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848A80FD5	34_2_00007FF848A80FD5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848A7BD51	34_2_00007FF848A7BD51
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848C92AEB	34_2_00007FF848C92AEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848C931C6	34_2_00007FF848C931C6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848C9EFA8	34_2_00007FF848C9EFA8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848DD5130	34_2_00007FF848DD5130
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848DA0B88	34_2_00007FF848DA0B88
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848DA32F9	34_2_00007FF848DA32F9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848DE4DA0	34_2_00007FF848DE4DA0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848DA4557	34_2_00007FF848DA4557
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848DA58E7	34_2_00007FF848DA58E7
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848D9403D	34_2_00007FF848D9403D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848DA1037	34_2_00007FF848DA1037
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848D9A8FB	34_2_00007FF848D9A8FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848DD1F88	34_2_00007FF848DD1F88
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848D910EA	34_2_00007FF848D910EA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848D910D1	34_2_00007FF848D910D1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848DA1069	34_2_00007FF848DA1069
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848E64EA8	34_2_00007FF848E64EA8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848E60A97	34_2_00007FF848E60A97
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848E73142	34_2_00007FF848E73142
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF84900FDD8	34_2_00007FF84900FDD8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF84900000B	34_2_00007FF84900000B
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF849017430	34_2_00007FF849017430
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF84900158D	34_2_00007FF84900158D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF84900FDCD	34_2_00007FF84900FDCD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF84900FDF5	34_2_00007FF84900FDF5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF84900FDE0	34_2_00007FF84900FDE0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848A7CC26	34_2_00007FF848A7CC26
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 34_2_00007FF848A7CC74	34_2_00007FF848A7CC74

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: String function: 00007FF8A00506B0 appears 145 times
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: String function: 00007FF8A0051B70 appears 102 times
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: String function: 00007FF8A0051D30 appears 114 times

Source: System.ComponentModel.Primitives.dll.1.dr	Static PE information: No import functions for PE file found
Source: System.Runtime.Numerics.dll.1.dr	Static PE information: No import functions for PE file found
Source: System.Private.Xml.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: System.Runtime.InteropServices.RuntimeInformation.dll.1.dr	Static PE information: No import functions for PE file found
Source: System.Net.Ping.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: System.Diagnostics.FileVersionInfo.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: mscorrc.dll.1.dr	Static PE information: No import functions for PE file found
Source: Microsoft.CSharp.dll.1.dr	Static PE information: No import functions for PE file found
Source: System.Security.Cryptography.Encoding.dll.1.dr	Static PE information: No import functions for PE file found
Source: System.Net.Primitives.dll.1.dr	Static PE information: No import functions for PE file found

Source: setup_north_west_arctic_borrough.msi	Binary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs setup_north_west_arctic_borrough.msi
Source: setup_north_west_arctic_borrough.msi	Binary or memory string: OriginalFilenameSfxCA.dll\ vs setup_north_west_arctic_borrough.msi
Source: setup_north_west_arctic_borrough.msi	Binary or memory string: OriginalFilenamewixca.dll\ vs setup_north_west_arctic_borrough.msi

Source: classification engine

Classification label: mal100.troj.spyw.evad.winMSI@112/940@0/10

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\ATERA Networks

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1708:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:2944:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5836:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6508:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2104:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6484:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5168:120:WilError_03
Source: C:\Windows\System32\wbem\WMIADAP.exe	Mutant created: \BaseNamedObjects\Global\RefreshRA_Mutex
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5524:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4676:120:WilError_03
Source: C:\Windows\System32\wbem\WMIADAP.exe	Mutant created: \BaseNamedObjects\Global\ADAP_WMI_ENTRY
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4144:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Mutant created: \BaseNamedObjects\Global\GenericDevicesFileLock
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5144:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6332:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Mutant created: \BaseNamedObjects\C__Program Files (x86)_ATERA Networks_AteraAgent_Packages_AgentPackageProgramManagement_logs_chocolatey.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Mutant created: \BaseNamedObjects\Global\Access_ISABUS.HTP.Method
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6104:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1272:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Mutant created: NULL
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1988:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:2940:120:WilError_03
Source: C:\Windows\System32\wbem\WMIADAP.exe	Mutant created: \BaseNamedObjects\Global\RefreshRA_Mutex_Flag
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Mutant created: \BaseNamedObjects\Global\SNMPDevicesFileLock
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Mutant created: \BaseNamedObjects\NLogMutexTester
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Mutant created: \BaseNamedObjects\Global\NLog-FileFileArchiveLock-c:_program files (x86)_atera networks_ateraagent_packages_agentpackagemonitoring_log.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Mutant created: \BaseNamedObjects\Global\{bd59231e-97d1-4fc0-a975-80c3fed498b7}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Mutant created: \BaseNamedObjects\C__Program Files (x86)_ATERA Networks_AteraAgent_Packages_AgentPackageProgramManagement_logs_choco.summary.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Mutant created: \BaseNamedObjects\Global\Access_PCI
Source: C:\Windows\System32\wbem\WMIADAP.exe	Mutant created: \BaseNamedObjects\Global\RefreshRA_Mutex_Lib
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Mutant created: \BaseNamedObjects\Global\HttpDevicesFileLock
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6192:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6984:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4124:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Mutant created: \BaseNamedObjects\Global\ServerDevicesFileLock

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DFD3AFA7BC325B0CD8.TMP

Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
Source: C:\Windows\System32\wbem\WMIADAP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI957D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7312890 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId

Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: SELECT Identifier, Severity, Timestamp FROM ThresholdDuration WHERE Identifier = @id;kDELETE FROM ThresholdDuration WHERE Identifier = @id;
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: INSERT INTO [AlertsSent] (Timestamp, Alerts) VALUES (@timestamp, @alerts);kExecuteScriptAsync SystemTools Start scriptGuid : {0}Wrunscriptguid {0} 10 W10= disableSendResultC{0} {1} {2} {3} or8ixLi90Mf "{4}"
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: INSERT INTO ThresholdDuration (Identifier,Severity,Timestamp) Values (@identifier, @severity, @timestamp) ON CONFLICT (Identifier) DO UPDATE SET Severity = excluded.Severity, Timestamp = excluded.Timestamp;
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD80298000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO Statistics(Name, Timestamp, Value) Values (@name, @timestamp, @value);
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD800E6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS AlertedEvents_V2 (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL, LogName TEXT NOT NULL, Severity INTEGER NOT NULL, RecordId BIGINT NOT NULL, EventId BIGINT NOT NULL, Source TEXT NOT NULL, Message TEXT NULL); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_Timestamp ON AlertedEvents_V2 (Timestamp); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_LogName ON AlertedEvents_V2 (LogName);
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS StatisticsSendTime (Id INTEGER PRIMARY KEY,Timestamp BIGINT NOT NULL);
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: INSERT INTO Statistics(Name, Timestamp, Value) Values (@name, @timestamp, @value);%StatisticsSendTime
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS Statistics (Id INTEGER PRIMARY KEY,Name TEXT NOT NULL,Timestamp BIGINT NOT NULL,Value TEXT NOT NULL);@
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 00000022.00000002.2376105980.00007FF8A005A000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD800E6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdDuration (Id INTEGER PRIMARY KEY,Identifier TEXT NOT NULL,Severity TEXT NOT NULL,Timestamp BIGINT NOT NULL); CREATE UNIQUE INDEX IF NOT EXISTS idx_ThresholdDuration_Identifier ON ThresholdDuration (Identifier);
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdsProfiles (Id INTEGER NOT NULL PRIMARY KEY,IsActive BOOLEAN NOT NULL,Timestamp BIGINT NOT NULL,Name TEXT NOT NULL,Thresholds TEXT NOT NULL); CREATE INDEX IF NOT EXISTS idx_ThresholdsProfiles_Timestamp ON ThresholdsProfiles (Timestamp);@
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS Stub (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL);
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD800E6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS Statistics (Id INTEGER PRIMARY KEY,Name TEXT NOT NULL,Timestamp BIGINT NOT NULL,Value TEXT NOT NULL);
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8051C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO StatisticsSendTime (Timestamp) Values (@timestamp);
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS AlertedEvents_V2 (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL, LogName TEXT NOT NULL, Severity INTEGER NOT NULL, RecordId BIGINT NOT NULL, EventId BIGINT NOT NULL, Source TEXT NOT NULL, Message TEXT NULL); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_Timestamp ON AlertedEvents_V2 (Timestamp); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_LogName ON AlertedEvents_V2 (LogName);@
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD803CD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [AlertsSent] (Timestamp, Alerts) VALUES (@timestamp, @alerts);
Source: AgentPackageMonitoring.exe, 00000022.00000002.2376105980.00007FF8A005A000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdsProfiles (Id INTEGER NOT NULL PRIMARY KEY,IsActive BOOLEAN NOT NULL,Timestamp BIGINT NOT NULL,Name TEXT NOT NULL,Thresholds TEXT NOT NULL);
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 00000022.00000002.2376105980.00007FF8A005A000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD80439000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT Timestamp FROM StatisticsSendTime ORDER BY Timestamp DESC LIMIT 1;
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS [AlertsSent] (Id INTEGER NOT NULL PRIMARY KEY, Timestamp BIGINT NOT NULL, Alerts TEXT NOT NULL);sSELECT MAX([Timestamp]) AS [TimeStamp] FROM [AlertsSent];
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 00000022.00000002.2376105980.00007FF8A005A000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 00000022.00000002.2376105980.00007FF8A005A000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD80439000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT Id, Name, Timestamp, Value FROM Statistics;
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdDuration (Id INTEGER PRIMARY KEY,Identifier TEXT NOT NULL,Severity TEXT NOT NULL,Timestamp BIGINT NOT NULL); CREATE UNIQUE INDEX IF NOT EXISTS idx_ThresholdDuration_Identifier ON ThresholdDuration (Identifier);@
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: SELECT [Id], [Alerts], [Timestamp] FROM [AlertsSent] ORDER BY [Timestamp] DESC LIMIT 1;
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS Statistics (Id INTEGER PRIMARY KEY,Name TEXT NOT NULL,Timestamp BIGINT NOT NULL,Value TEXT NOT NULL);/DELETE FROM Statistics;eSELECT Id, Name, Timestamp, Value FROM Statistics;
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS [AlertsSent] (Id INTEGER NOT NULL PRIMARY KEY, Timestamp BIGINT NOT NULL, Alerts TEXT NOT NULL);
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD800E6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdsProfiles (Id INTEGER NOT NULL PRIMARY KEY,IsActive BOOLEAN NOT NULL,Timestamp BIGINT NOT NULL,Name TEXT NOT NULL,Thresholds TEXT NOT NULL); CREATE INDEX IF NOT EXISTS idx_ThresholdsProfiles_Timestamp ON ThresholdsProfiles (Timestamp);
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 00000022.00000002.2376105980.00007FF8A005A000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD99F2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO ThresholdsProfiles (IsActive,Timestamp,Name,Thresholds) Values (@isActive,@timestamp,@name,@thresholds); DELETE FROM ThresholdsProfiles WHERE Timestamp < @timeToDelete;
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdDuration (Id INTEGER PRIMARY KEY,Identifier TEXT NOT NULL,Severity TEXT NOT NULL,Timestamp BIGINT NOT NULL);
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS AlertedEvents_V2 (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL, LogName TEXT NOT NULL, Severity INTEGER NOT NULL, RecordId BIGINT NOT NULL, EventId BIGINT NOT NULL, Source TEXT NOT NULL, Message TEXT NULL);
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD99F2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO ThresholdsProfiles (IsActive,Timestamp,Name,Thresholds) Values (@isActive,@timestamp,@name,@thresholds); DELETE FROM ThresholdsProfiles WHERE Timestamp < @timeToDelete;@
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD80298000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT MAX([Timestamp]) AS [TimeStamp] FROM [AlertsSent];
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 00000022.00000002.2376105980.00007FF8A005A000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: select Name from Win32_PerfFormattedData_Tcpip_NetworkInterface!DataStatsEnabled9InboundBandwidthStatsEnabled;OutboundBandwidthStatsEnabled
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD806F1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT Id, IsActive, Timestamp, Name, Thresholds FROM ThresholdsProfiles ORDER BY Timestamp DESC LIMIT 1;

Source: setup_north_west_arctic_borrough.msi

Static file information: TRID: Microsoft Windows Installer (60509/1) 57.88%

Source: setup_north_west_arctic_borrough.msi

ReversingLabs: Detection: 21%

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup_north_west_arctic_borrough.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6A3621A3D7CD44D53C941897192273B5
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI957D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7312890 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI97E0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7313406 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIA8D8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7317750 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D6F3D03429785CC702A8D4B77C4A048E E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="pbell@solutionzsecurity.com" /CompanyId="20" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q3000001lTaiIAE" /AgentId="687399e7-85e9-4e3a-8465-e1cdfab81e34"
Source: unknown	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIBF53.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7323531 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "16038b3c-d35a-4c69-b34e-6367184ec3ca" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "2a1a3dc9-6072-498e-b1b6-fcd7a9da4519" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q3000001lTaiIAE
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "79bc36b0-3b49-4e44-ab46-b92058304cdc" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "78309870-edc4-47c0-bbf7-c19973e138fe" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\sppsvc.exe C:\Windows\system32\sppsvc.exe
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "bd4bff8f-27a8-4dc1-872a-980375696b10" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k smphost
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\wbem\WMIADAP.exe wmiadap.exe /F /T /R
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "9126087d-b76b-4264-814a-f2ee6afd34d4" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "b8b132d1-7f13-4735-aac8-7ef47e479aab" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" schedulerrun
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "cbde5df1-15a4-4fef-92d1-c63c8c70d7ff" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "ce61aaf7-c4bb-4ea2-b8bb-461de1d02139" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process created: C:\Windows\System32\msiexec.exe "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 07EC56ACC4FB4E8D88E3CE21E24A8ED3 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI88A0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7375296 37 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "afad775b-451e-4311-9587-744c8d434acb" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "5ee99619-9843-4e71-8ec6-100034578c04" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "6a2bb835-f7f4-4652-b67d-6f8ee428937d" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6A3621A3D7CD44D53C941897192273B5	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D6F3D03429785CC702A8D4B77C4A048E E Global\MSI0000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="pbell@solutionzsecurity.com" /CompanyId="20" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q3000001lTaiIAE" /AgentId="687399e7-85e9-4e3a-8465-e1cdfab81e34"	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 07EC56ACC4FB4E8D88E3CE21E24A8ED3 E Global\MSI0000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI957D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7312890 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI97E0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7313406 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIA8D8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7317750 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIBF53.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7323531 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "16038b3c-d35a-4c69-b34e-6367184ec3ca" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "2a1a3dc9-6072-498e-b1b6-fcd7a9da4519" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "79bc36b0-3b49-4e44-ab46-b92058304cdc" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "78309870-edc4-47c0-bbf7-c19973e138fe" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "bd4bff8f-27a8-4dc1-872a-980375696b10" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "9126087d-b76b-4264-814a-f2ee6afd34d4" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "b8b132d1-7f13-4735-aac8-7ef47e479aab" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "cbde5df1-15a4-4fef-92d1-c63c8c70d7ff" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "ce61aaf7-c4bb-4ea2-b8bb-461de1d02139" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "afad775b-451e-4311-9587-744c8d434acb" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "5ee99619-9843-4e71-8ec6-100034578c04" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "6a2bb835-f7f4-4652-b67d-6f8ee428937d" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process created: C:\Windows\System32\msiexec.exe "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI88A0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7375296 37 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msihnd.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: riched20.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: usp10.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msls31.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: webio.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: edputil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: appresolver.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: slc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sppc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: webio.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: edputil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: appresolver.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: slc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sppc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wscapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winsta.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: napinsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: pnrpnsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wshbth.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: nlaapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winrnr.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: cryptnet.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: smphost.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mispace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sxshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wmiclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wevtapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: virtdisk.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bcd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: clusapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wmidcom.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File written: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe.config	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebHeaderCollection.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-fibers-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Buffers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.Expressions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.Specialized.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Windows.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Resources.Reader.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Overlapped.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\coreclr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Metadata.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Memory.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Handles.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XDocument.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\msquic.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.HttpListener.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.NETCore.App.deps.json	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.ZipFile.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\ucrtbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.Native.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebSockets.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Web.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.FileSystem.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebProxy.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.Linq.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.OpenSsl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.Brotli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebSockets.Client.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ValueTuple.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.DiaSymReader.Native.amd64.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Timer.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Transactions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Algorithms.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.MemoryMappedFiles.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.DispatchProxy.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.TypeConverter.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\createdump.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.StackTrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.ServicePoint.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.IsolatedStorage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.NetworkInformation.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.Immutable.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.Uri.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Configuration.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.Queryable.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Drawing.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebClient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Data.DataSetExtensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.VisualBasic.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.Parallel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Requests.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Tools.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.AppContext.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Sockets.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.NonGeneric.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Web.HttpUtility.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.Parallel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Debug.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscorlib.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XPath.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Data.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.Concurrent.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.Win32.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Principal.Windows.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.TextWriterTraceListener.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\netstandard.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.Watcher.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XPath.XDocument.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.NameResolution.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Globalization.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encodings.Web.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Http.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Drawing.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Xml.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.AccessControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.DataAnnotations.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encoding.Extensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Principal.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.EventBasedAsync.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.RegularExpressions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Numerics.Vectors.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Dynamic.Runtime.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.Win32.Registry.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Claims.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.Xml.Linq.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\hostpolicy.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Resources.Writer.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Csp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.TraceSource.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.InteropServices.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.DataContractSerialization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Mail.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscordbi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Http.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.TypeExtensions.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.AccessControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.X509Certificates.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XmlSerializer.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Thread.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.DriveInfo.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscordaccore_amd64_amd64_6.0.3224.31407.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Process.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.ReaderWriter.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Loader.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Data.Common.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Intrinsics.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ObjectModel.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Resources.ResourceManager.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Numerics.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Pipes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XmlDocument.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Emit.ILGeneration.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.Serialization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.CompilerServices.VisualC.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.UnmanagedMemoryStream.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Formats.Asn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Channels.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Quic.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.Dataflow.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Security.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Transactions.Local.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Console.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.VisualBasic.Core.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Formatters.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Tracing.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\dbgshim.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\WindowsBase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\clrjit.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-datetime-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Cng.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Globalization.Calendars.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Core.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscordaccore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-console-l1-2-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.NETCore.App.runtimeconfig.json	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\clretwrc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.CompilerServices.Unsafe.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ServiceModel.Web.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.SecureString.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.CSharp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Numerics.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Encoding.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.FileVersionInfo.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Contracts.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encoding.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscorrc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.Xml.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Ping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ServiceProcess.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.Primitives.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Pipes.AccessControl.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.Annotations.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.DiagnosticSource.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.ThreadPool.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.CoreLib.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Globalization.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Emit.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encoding.CodePages.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\.version	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-console-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Emit.Lightweight.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\host	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\host\fxr	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\host\fxr\6.0.32	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\host\fxr\6.0.32\hostfxr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\dotnet.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\LICENSE.txt	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\dotnet\ThirdPartyNotices.txt	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}

Jump to behavior

Source: setup_north_west_arctic_borrough.msi

Static file information: File size 2994176 > 1048576

Source:	Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.00000252349D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.FileSystem.Primitives\net6.0-Release\System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.1.dr
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000013.00000002.2239875932.000001F39A1D2000.00000002.00000001.01000000.00000018.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2769151325.00000284E97D6000.00000002.00000001.01000000.0000003A.sdmp, AgentPackageHeartbeat.exe, 0000003B.00000002.2743014013.00000291876B2000.00000002.00000001.01000000.00000032.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.0000025234982000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002C.00000000.2592799756.000002521B762000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2356080768.000001DCD8E42000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentCommunication.Models\obj\Release\net45\Atera.AgentCommunication.Models.pdbSHA256G source: AgentPackageInternalPoller.exe, 00000037.00000002.2746141235.0000027F6F3F2000.00000002.00000001.01000000.00000035.sdmp
Source:	Binary string: \??\C:\Windows\exe\AgentPackageUpgradeAgent.pdb5i source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.00000252349D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdb source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\LiorKovarsky\Downloads\sharpsnmplib-11.3.0\sharpsnmplib-11.3.0\SharpSnmpLib\obj\Release\net45\win\SharpSnmpLib.pdbSHA256 source: AgentPackageInternalPoller.exe, 00000037.00000002.2746621117.0000027F6F492000.00000002.00000001.01000000.00000037.sdmp
Source:	Binary string: D:\A\_work\39\s\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net45\System.Runtime.InteropServices.RuntimeInformation.pdb source: System.Runtime.InteropServices.RuntimeInformation.dll0.23.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Data.Common\net6.0-Release\System.Data.Common.pdb source: System.Data.Common.dll.1.dr
Source:	Binary string: \??\C:\Windows\exe\AgentPackageUpgradeAgent.pdbces source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.00000252349D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source:	Binary string: System.Private.DataContractSerialization.ni.pdb source: System.Private.DataContractSerialization.dll.1.dr
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000E.00000002.2570995304.000001A9207B2000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.DriveInfo\4.0.2.0\System.IO.FileSystem.DriveInfo.pdb source: System.IO.FileSystem.DriveInfo.dll.23.dr
Source:	Binary string: D:\a\1\s\AgentPackageProgramManagement\AgentPackageProgramManagement\obj\Release\AgentPackageProgramManagement.pdb source: AgentPackageProgramManagement.exe, 00000032.00000000.2625090760.00000284E9352000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageProgramManagement\ThirdPartyPackageManager\obj\Release\ThirdPartyPackageManager.pdb source: AgentPackageProgramManagement.exe, 00000032.00000002.2768567340.00000284E9792000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2356796575.000001DCD92A2000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000000.2222107135.000001F3998A2000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000404B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: symbols\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\net6.0-Release\System.Reflection.Primitives.pdb8+N+ @+_CorDllMainmscoree.dll source: System.Reflection.Primitives.dll.1.dr
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2897146553.000002521C012000.00000002.00000001.01000000.00000040.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: setup_north_west_arctic_borrough.msi
Source:	Binary string: D:\a\1\s\AgentPackageHeartbeat\AgentPackageHeartbeat\obj\Release\AgentPackageHeartbeat.pdb source: AgentPackageHeartbeat.exe, 0000003B.00000000.2677633669.0000029187152000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: c:\borrar\EmptyDll\Release\EmptyDll.pdb source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp
Source:	Binary string: C:\buildAgent\work\1b72bc6dac87fa71\code_drop\merge\chocolatey.pdb source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000404B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdbSHA256`{f source: AgentPackageMonitoring.exe, 00000022.00000002.2356080768.000001DCD8E42000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit\net6.0-Release\System.Reflection.Emit.pdb source: System.Reflection.Emit.dll.1.dr
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000013.00000002.2239875932.000001F39A1D2000.00000002.00000001.01000000.00000018.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2769151325.00000284E97D6000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: /_/artifacts/obj/System.Private.DataContractSerialization/net6.0-Release/System.Private.DataContractSerialization.pdb source: System.Private.DataContractSerialization.dll.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\net6.0-Release\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.1.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: PC:\Windows\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XPath\4.0.3.0\System.Xml.XPath.pdb source: System.Xml.XPath.dll.23.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdbcccGCTL source: AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.0000025234982000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Primitives/netfx\System.Runtime.Serialization.Primitives.pdb source: System.Runtime.Serialization.Primitives.dll.23.dr
Source:	Binary string: System.Security.Cryptography.Cng.ni.pdb source: System.Security.Cryptography.Cng.dll.1.dr
Source:	Binary string: C:\dev\sqlite\dotnet-private\bin\2012\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2376105980.00007FF8A005A000.00000002.00000001.01000000.0000001C.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.3029941288.00007FF8A13BC000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\net6.0-windows-Release\Microsoft.CSharp.pdb source: Microsoft.CSharp.dll.1.dr
Source:	Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2362128465.000001DCF1B82000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ComponentModel.TypeConverter\4.1.2.0\System.ComponentModel.TypeConverter.pdb source: System.ComponentModel.TypeConverter.dll.23.dr
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdbSHA256 source: System.Memory.dll.23.dr
Source:	Binary string: System.Threading.Tasks.Dataflow.ni.pdb source: System.Threading.Tasks.Dataflow.dll.1.dr
Source:	Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdbSHA256 source: AgentPackageMonitoring.exe, 00000022.00000002.2356796575.000001DCD92A2000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: Microsoft.CSharp.ni.pdb source: Microsoft.CSharp.dll.1.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000D.00000000.2096756526.000001E27F4A2000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdbp+ source: AgentPackageMonitoring.exe, 00000022.00000002.2362128465.000001DCF1B82000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Cryptography.Cng\net6.0-windows-Release\System.Security.Cryptography.Cng.pdb source: System.Security.Cryptography.Cng.dll.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.IsolatedStorage\net6.0-windows-Release\System.IO.IsolatedStorage.pdb source: System.IO.IsolatedStorage.dll.1.dr
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Xml.XPath.XDocument/netfx\System.Xml.XPath.XDocument.pdb source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000404B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb source: AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000D.00000000.2096756526.000001E27F4A2000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageSystemTools\RunScriptAsUser\obj\Release\RunScriptAsUser.pdb source: RunScriptAsUser.exe.23.dr
Source:	Binary string: E:\A\_work\533\obj\Microsoft.ApplicationInsights\Release\src\Microsoft.ApplicationInsights\net45\Microsoft.ApplicationInsights.pdb source: Microsoft.ApplicationInsights.dll.14.dr
Source:	Binary string: D:\a\1\s\AgentPackageInternalPoller\AgentPackageInternalPoller\obj\Release\AgentPackageInternalPoller.pdb source: AgentPackageInternalPoller.exe, 00000037.00000000.2663182188.0000027F6E2F2000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000E.00000002.2570995304.000001A9207B2000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Dataflow\net6.0-Release\System.Threading.Tasks.Dataflow.pdb source: System.Threading.Tasks.Dataflow.dll.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2363122875.000001DCF1CD2000.00000002.00000001.01000000.00000024.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\code\dapper-dot-net\Dapper\bin\Release\net45\Dapper.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2361719442.000001DCF1B42000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256d source: AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: System.IO.IsolatedStorage.ni.pdb source: System.IO.IsolatedStorage.dll.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\net6.0-Release\System.Xml.XDocument.pdbt+ source: System.Xml.XDocument.dll.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2239984972.000001F39A262000.00000002.00000001.01000000.00000019.sdmp, AgentPackageUpgradeAgent.exe, 0000002E.00000002.2640268381.0000020451950000.00000002.00000001.01000000.0000002B.sdmp
Source:	Binary string: ]c:\borrar\EmptyDll\Release\EmptyDll.pdb source: AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdbSHA256~ source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\net6.0-Release\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.1.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2239984972.000001F39A262000.00000002.00000001.01000000.00000019.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2363122875.000001DCF1CD2000.00000002.00000001.01000000.00000024.sdmp, AgentPackageUpgradeAgent.exe, 0000002E.00000002.2640268381.0000020451950000.00000002.00000001.01000000.0000002B.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2897146553.000002521C012000.00000002.00000001.01000000.00000040.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageOsUpdates\AgentPackageOsUpdates\obj\Release\AgentPackageOsUpdates.pdb source: AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageMonitoring\AgentPackageMonitoring\obj\Release\AgentPackageMonitoring.pdbr source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageMonitoring\AgentPackageMonitoring\obj\Release\AgentPackageMonitoring.pdb source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\Users\LiorKovarsky\Downloads\sharpsnmplib-11.3.0\sharpsnmplib-11.3.0\SharpSnmpLib\obj\Release\net45\win\SharpSnmpLib.pdb source: AgentPackageInternalPoller.exe, 00000037.00000002.2746621117.0000027F6F492000.00000002.00000001.01000000.00000037.sdmp
Source:	Binary string: AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb4X source: AgentPackageHeartbeat.exe, 0000003B.00000002.2743014013.00000291876B2000.00000002.00000001.01000000.00000032.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdbdeAgent.pdbR source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: pC:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\533\obj\Microsoft.ApplicationInsights\Release\src\Microsoft.ApplicationInsights\net45\Microsoft.ApplicationInsights.pdbCW source: Microsoft.ApplicationInsights.dll.14.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000D.00000002.2134028692.000001E27F852000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll0.1.dr
Source:	Binary string: C:\Windows\AgentPackageUpgradeAgent.pdbpdbent.pdb source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.00000252349D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000D.00000002.2134028692.000001E27F852000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll0.1.dr
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdb source: System.Memory.dll.23.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: setup_north_west_arctic_borrough.msi
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Dataflow\net6.0-Release\System.Threading.Tasks.Dataflow.pdbRSDS source: System.Threading.Tasks.Dataflow.dll.1.dr
Source:	Binary string: System.Data.Common.ni.pdb source: System.Data.Common.dll.1.dr
Source:	Binary string: t.pdbO source: AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5F55000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentCommunication.Models\obj\Release\net45\Atera.AgentCommunication.Models.pdb source: AgentPackageInternalPoller.exe, 00000037.00000002.2746141235.0000027F6F3F2000.00000002.00000001.01000000.00000035.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageTicketing\AgentPackageTicketing\obj\Release\AgentPackageTicketing.pdb source: AgentPackageTicketing.exe, 0000002F.00000000.2620572865.0000027477D62000.00000002.00000001.01000000.00000028.sdmp

Source: System.ServiceModel.Web.dll.1.dr

Static PE information: 0x8A5160A6 [Wed Jul 15 16:02:46 2043 UTC]

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 34_2_00007FF89FF11910 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

34_2_00007FF89FF11910

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_073EB235 push ds; ret	5_3_073EB243
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 13_2_00007FF848AA09F8 push ecx; retn F8A7h	13_2_00007FF848AA0A0C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AB7951 push ebx; retf	14_2_00007FF848AB796A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848A909F8 push ecx; retn F8A7h	14_2_00007FF848A90A0C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AB0E84 pushad ; ret	14_2_00007FF848AB0E91
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848AA68A8 push 985F4BDEh; iretd	14_2_00007FF848AA6959
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848CA0F38 push eax; ret	14_2_00007FF848CA0F94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FF848CA0F64 push eax; ret	14_2_00007FF848CA0F94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 19_2_00007FF848A703AD push esi; iretd	19_2_00007FF848A70396
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 19_2_00007FF848A7031D push esi; iretd	19_2_00007FF848A70396
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 19_2_00007FF848A7035D push esi; iretd	19_2_00007FF848A70396
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 19_2_00007FF848A700BD pushad ; iretd	19_2_00007FF848A700C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FF848A703AD push esi; iretd	21_2_00007FF848A70396
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FF848A700BD pushad ; iretd	21_2_00007FF848A700C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FF848A7031D push esi; iretd	21_2_00007FF848A70396
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 21_2_00007FF848A7035D push esi; iretd	21_2_00007FF848A70396
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848A97538 push ebx; iretd	23_2_00007FF848A9756A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848A925FA push eax; iretd	23_2_00007FF848A92691
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848A8A650 push eax; retf	23_2_00007FF848A8A661
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848A8A64A push eax; retf	23_2_00007FF848A8A661
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848C90F7C push eax; ret	23_2_00007FF848C90F94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 23_2_00007FF848CA78D3 push ebx; retf	23_2_00007FF848CA796A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848AAA990 push eax; iretd	26_2_00007FF848AAD3FD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848AA3A4D push ebx; retf	26_2_00007FF848AA3A6A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848AA74EB push ebx; iretd	26_2_00007FF848AA756A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848AA7550 push ebx; iretd	26_2_00007FF848AA756A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848AA7548 push ebx; iretd	26_2_00007FF848AA756A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848AA7540 push ebx; iretd	26_2_00007FF848AA756A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848A92E10 push eax; ret	26_2_00007FF848A92E1D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848A9F650 push eax; iretd	26_2_00007FF848A9F65D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 26_2_00007FF848A900BD pushad ; iretd	26_2_00007FF848A900C1

Source: System.Runtime.Numerics.dll.1.dr

Static PE information: section name: .text entropy: 6.855705489890712

Persistence and Installation Behavior

Creates files in the system32 config directory

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageSTRemote.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageMonitoring.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageUpgradeAgent.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageProgramManagement.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageInternalPoller.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageHeartbeat.exe.log

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.CommonLib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2A7B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Microsoft.ApplicationInsights.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Intrinsics.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.CSharp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAF47.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.Exceptions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ValueTuple.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Interop.WUApiLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.UserSecrets.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Drawing.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI88A0.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\hostpolicy.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.FileExtensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Infrastructure.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Console.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.VisualBasic.Core.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Diagnostics.EventLog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.Uri.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.Xml.Linq.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.ConfigurationExtensions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI34C5.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Console.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.ValueTuple.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ServiceProcess.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileSystemGlobbing.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventLog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Abstractions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\dotnet.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Web.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.Brotli.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Http.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 6f9480.rbf (copy)	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentCommunication.Models.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.DiaSymReader.Native.amd64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Http.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Core.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Principal.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Ping.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.Utils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ServiceModel.Web.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Memory.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.AppContext.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x64\SQLite.Interop.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Abstractions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\it\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\WindowsBase.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.Exceptions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Sinks.File.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Claims.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\pl\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\dbgshim.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.Exceptions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\StructureMap.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA8D8.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Tools.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Requests.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\browser\lib\net6.0\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI364D.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\StructureMap.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.CommonLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\netstandard.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Configuration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\NLog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.Messages.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebProxy.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Security.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\host\fxr\6.0.32\hostfxr.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventSource.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Memory.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.CommandLine.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Mail.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Metadata.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICB02.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Data.DataSetExtensions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\StructureMap.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\NLog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Data.Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.Abstractions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Emit.ILGeneration.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.ModelsV3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ObjectModel.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Win32.TaskScheduler.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.Utils.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Extensions.Hosting.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Microsoft.ApplicationInsights.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.CoreLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB1B.tmp6f947f.rbf (copy)	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Console.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\IdleTimeFinder.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\fr\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB1B.tmp6f947b.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.Xml.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Numerics.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Polly.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Debug.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.Immutable.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscordaccore.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBF53.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Windows.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\de\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI94C6.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Polly.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Abstractions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.AppContext.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\RunScriptAsUser.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3136.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Channels.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x86\SQLite.Interop.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\NLog.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3B44.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.EnvironmentVariables.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Memory.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\coreclr.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackages.CommonLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Emit.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\LiteDB.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Transactions.Local.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\ru\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI97E0.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 6f947e.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3853.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Formats.Asn1.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.FileSystem.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3280.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\CliWrap.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\ucrtbase.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Transactions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAE9A.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Binder.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\createdump.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\msquic.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI957D.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.ServicePoint.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscorrc.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Microsoft.ApplicationInsights.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscordaccore_amd64_amd64_6.0.3224.31407.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.HttpListener.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3A96.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2F70.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.DataAnnotations.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminderNotification.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\StructureMap.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscorlib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.ApplicationInsights.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ValueTuple.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICA06.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB1B.tmp6f947d.rbf (copy)	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAF96.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Emit.Lightweight.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\clretwrc.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\clrjit.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Configuration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI338B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.DataContractSerialization.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscordbi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2C61.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\NLog.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB1C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICAB3.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Physical.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI9F37.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Globalization.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.Native.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Http.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Memory.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encoding.CodePages.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Polly.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Microsoft.ApplicationInsights.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.DependencyInjection.Abstractions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.TypeExtensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.DependencyInjection.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Microsoft.ApplicationInsights.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.Serialization.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Polly.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Data.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Loader.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Web.HttpUtility.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Quic.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Extensions.Logging.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAC95.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.Utils.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\es\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.OpenSsl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Memory.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICFA6.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 6f9481.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.DispatchProxy.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebClient.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Memory.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.TaskScheduler.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Data.Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB8B.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA30.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\CommunityToolkit.WinUI.Notifications.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3280.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICA06.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2A7B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB1B.tmp6f947d.rbf (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAF96.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBF53.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAF47.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAC95.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI338B.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI88A0.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICB02.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI34C5.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2C61.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAE9A.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB1C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICFA6.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICAB3.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI94C6.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI957D.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI88A0.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI9F37.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA8D8.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3136.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA8D8.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI88A0.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3B44.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI88A0.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB1B.tmp6f947f.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI364D.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	File created: C:\Windows\Temp\SplashtopStreamer.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI957D.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3A96.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2F70.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB1B.tmp6f947b.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI97E0.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB8B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA30.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI88A0.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI97E0.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3853.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBF53.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\TEMP\AteraSetupLog.txt

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\dotnet\LICENSE.txt	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\LICENSE.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7zip.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\checksum.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\shimgen.license.txt

Boot Survival

Installs Task Scheduler Managed Wrapper

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.TaskScheduler.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Win32.TaskScheduler.dll

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 34_2_00007FF89FF0A524 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

34_2_00007FF89FF0A524

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Key value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0"} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent="Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0"} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent="Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0"} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent="Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0"} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent="Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\""

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PhysicalAdapter,Name,PNPDeviceID from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Windows\System32\wbem\WMIADAP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PhysicalAdapter,Name,PNPDeviceID from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter

Queries sensitive service information (via WMI, MSSMBios_RawSMBiosTables, often done to detect sandboxes)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

WMI Queries: IWbemServices::ExecQuery - root\WMI : SELECT * FROM MSSMBios_RawSMBiosTables

Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Name,DisplayName,Description,State from Win32_Service
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Name,DisplayName,Description,State from Win32_Service

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : associators of {\\user-PC\root\CIMV2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : associators of {\\user-PC\root\CIMV2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : associators of {\\user-PC\root\CIMV2:Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3

Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_SoundDevice
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_SoundDevice

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 1E201800000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 1E219910000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 1A907240000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 1A91F7C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1F399C00000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1F3B2360000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 18323020000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1833B4F0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 24FAD0A0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 24FC56A0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 190F9370000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 190F9890000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Memory allocated: 1F019070000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Memory allocated: 1F031310000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Memory allocated: 1DCD8C40000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Memory allocated: 1DCF1450000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1CD4E3D0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1CD669C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Memory allocated: 2521BF20000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Memory allocated: 252340B0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Memory allocated: 20438B90000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Memory allocated: 204511C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Memory allocated: 274780A0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Memory allocated: 27478850000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Memory allocated: 284E9680000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Memory allocated: 284E9BB0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Memory allocated: 27F6E730000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Memory allocated: 27F6EC20000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Memory allocated: 1ADFBF70000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Memory allocated: 1ADFC1C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Memory allocated: 29187560000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Memory allocated: 2919FC10000 memory reserve \| memory write watch

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599891
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599781
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599672
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599552
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599422
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599313
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599203
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599094
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598969
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598735
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598610
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598485
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598360
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598235
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598110
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597985
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597735
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597610
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597485
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597360
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597235
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597110
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596985
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596735
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596610
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596485
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596360
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596235
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596110
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 595985
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599890
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599780
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599670
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599453
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599234
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599124
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598906
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598796
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598687
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598576
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598468
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598337
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598218
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598107
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597999
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597887
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597780
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597659
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597531
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597415
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597260
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597144
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596953
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596838
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596725
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596604
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596500
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596389
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596281
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596168
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596062
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595943
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595812
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595703
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595567
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595437
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595328
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595206
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595078
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594968
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594853
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594734
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594625
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594511
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594406
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594292
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594187
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594078
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 593968
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 593859
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599846
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599689
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599359
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599125
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598786
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598561
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598403
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598279
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598171
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598062
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597890
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597724
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597593
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597463
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597324
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597175
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596984
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596812
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596609
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596459
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596312
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596168
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596031
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595901
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595784
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595656
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595266
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595098
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594953
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594757
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594547
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594359
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594125
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593921
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593744
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593622
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593515
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593406
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593297
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593184
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593068
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592937
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592828
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592718
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592609
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592499
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592372
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592258
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592140
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592031
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591801
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591672
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591450
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591230
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591121
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590987
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590859
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590750
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590640
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590531
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590422
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590312
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590202
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590089
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589984
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589857
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589594
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589471
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589245
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589139
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589030
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 588922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 588812
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 588703
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 588593
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Thread delayed: delay time: 922337203685477

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 3749
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 5839
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 6751
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 2804
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Window / User API: threadDelayed 3663
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Window / User API: threadDelayed 4893
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Window / User API: threadDelayed 4959
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Window / User API: threadDelayed 4820
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Window / User API: threadDelayed 2394
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Window / User API: threadDelayed 760
Source: C:\Windows\System32\wbem\WMIADAP.exe	Window / User API: threadDelayed 2698
Source: C:\Windows\System32\wbem\WMIADAP.exe	Window / User API: threadDelayed 865
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Window / User API: threadDelayed 1388
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Window / User API: threadDelayed 583
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Window / User API: threadDelayed 7375
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Window / User API: threadDelayed 2262
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Window / User API: threadDelayed 732
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Window / User API: threadDelayed 393
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Window / User API: threadDelayed 5444
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Window / User API: threadDelayed 809
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Window / User API: threadDelayed 732

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.CommonLib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI2A7B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Microsoft.ApplicationInsights.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Intrinsics.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.CSharp.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.Exceptions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIAF47.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIA8D8.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Interop.WUApiLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.UserSecrets.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Data.SQLite.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\log4net.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Drawing.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI88A0.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\hostpolicy.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.FileExtensions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\Pubnub.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Infrastructure.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Console.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.VisualBasic.Core.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ObjectModel.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Diagnostics.EventLog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.Uri.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTrayTMP.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Claims.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.Xml.Linq.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.ConfigurationExtensions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI34C5.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Console.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Serialization.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.ValueTuple.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ServiceProcess.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileSystemGlobbing.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventLog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingNotifications.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Abstractions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\dotnet.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.Brotli.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Web.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Http.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 6f9480.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentCommunication.Models.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTray.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBF53.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.DiaSymReader.Native.amd64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI957D.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Http.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Core.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI97E0.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Principal.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Ping.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.Utils.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\System.ValueTuple.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ServiceModel.Web.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Security.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Memory.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.AppContext.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x64\SQLite.Interop.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Abstractions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\it\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\WindowsBase.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.Exceptions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI957D.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Sinks.File.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Claims.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\pl\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.Exceptions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\dbgshim.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\shimgen.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\StructureMap.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIA8D8.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIA8D8.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIA8D8.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Tools.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Requests.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\browser\lib\net6.0\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI364D.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\StructureMap.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.CommonLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\netstandard.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Configuration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\t2tWinFormAppBarLib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7z.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Microsoft.ApplicationInsights.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\NLog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.Messages.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI88A0.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebProxy.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Security.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\host\fxr\6.0.32\hostfxr.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventSource.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Memory.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.CommandLine.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Http.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Mail.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\checksum.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Metadata.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSICB02.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Data.DataSetExtensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\StructureMap.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\NLog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Data.Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.Abstractions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\QRCoder.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Emit.ILGeneration.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.ModelsV3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ObjectModel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Win32.TaskScheduler.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI97E0.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.Utils.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Extensions.Hosting.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Memory.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Microsoft.ApplicationInsights.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIAB1B.tmp6f947f.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.CoreLib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Console.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\IdleTimeFinder.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\fr\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.Xml.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Polly.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Numerics.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\clist.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBF53.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Debug.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.Immutable.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscordaccore.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI97E0.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBF53.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\CommunityToolkit.WinUI.Notifications.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Ping.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI88A0.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Windows.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\de\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cuninst.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI94C6.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Polly.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Abstractions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7z.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.AppContext.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\RunScriptAsUser.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI3136.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Channels.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\NLog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x86\SQLite.Interop.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI3B44.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\x86\SQLite.Interop.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.EnvironmentVariables.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Memory.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\coreclr.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackages.CommonLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Emit.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\LiteDB.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Transactions.Local.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\ru\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI97E0.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 6f947e.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI3853.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Formats.Asn1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBF53.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.FileSystem.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI3280.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\CliWrap.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Transactions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Binder.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIAE9A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\createdump.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\msquic.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI957D.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.ServicePoint.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscorrc.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\choco.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Microsoft.ApplicationInsights.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Dropped PE file which has not been started: C:\Windows\Temp\SplashtopStreamer.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscordaccore_amd64_amd64_6.0.3224.31407.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.HttpListener.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI3A96.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI2F70.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.ComponentModel.DataAnnotations.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminderNotification.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\StructureMap.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscorlib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\chocolatey.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\EO.WebBrowser.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.ApplicationInsights.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSICA06.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIAB1B.tmp6f947d.rbf (copy)	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIAF96.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Reflection.Emit.Lightweight.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\clretwrc.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\clrjit.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Configuration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI338B.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIA8D8.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Private.DataContractSerialization.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\mscordbi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI2C61.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\NLog.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIAB1C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSICAB3.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\ThirdPartyPackageManager.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Physical.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI9F37.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Globalization.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.Compression.Native.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Net.Http.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Memory.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Text.Encoding.CodePages.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Polly.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Microsoft.ApplicationInsights.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.DependencyInjection.Abstractions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.32\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\SharpSnmpLib.dll	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackage.Common.dll	Jump to dropped file

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

Registry key enumerated: More than 126 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Windows\SysWOW64\rundll32.exe TID: 1560	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5952	Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 6520	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 1560	Thread sleep count: 3749 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 1080	Thread sleep count: 5839 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -23980767295822402s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 6484	Thread sleep count: 50 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 6484	Thread sleep time: -500000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 6660	Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 6568	Thread sleep time: -90000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -44937s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -44825s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -44702s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -44591s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -44476s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -44373s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -44265s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -44156s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -44047s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -43928s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -40000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -39855s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -39725s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -39604s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -39499s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4536	Thread sleep time: -39389s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1500	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5560	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6768	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5360	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5008	Thread sleep count: 6751 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5008	Thread sleep count: 2804 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4308	Thread sleep count: 38 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4308	Thread sleep time: -35048813740048126s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4308	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4484	Thread sleep time: -300000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5560	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4612	Thread sleep time: -90000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1164	Thread sleep count: 3663 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1164	Thread sleep count: 4893 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -19369081277395017s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -599891s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -599781s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -599672s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -599552s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -599422s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -599313s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -599203s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -599094s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -598969s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -598860s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -598735s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -598610s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -598485s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -598360s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -598235s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -598110s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -597985s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -597860s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -597735s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -597610s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -597485s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -597360s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -597235s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -597110s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -596985s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -596860s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -596735s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -596610s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -596485s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -596360s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -596235s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -596110s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6520	Thread sleep time: -595985s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1576	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 2128	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep count: 40 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -36893488147419080s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 5012	Thread sleep count: 4959 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -599890s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 5012	Thread sleep count: 4820 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -599780s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -599670s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -599562s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -599453s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -599343s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -599234s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -599124s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -599015s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -598906s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -598796s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -598687s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -598576s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -598468s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -598337s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -598218s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -598107s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -597999s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -597887s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -597780s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -597659s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -597531s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -597415s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -597260s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -597144s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -596953s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -596838s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -596725s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -596604s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -596500s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -596389s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -596281s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -596168s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -596062s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -595943s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -595812s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -595703s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -595567s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -595437s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -595328s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -595206s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -595078s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -594968s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -594853s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -594734s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -594625s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -594511s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -594406s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -594292s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -594187s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -594078s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -593968s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1772	Thread sleep time: -593859s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 5760	Thread sleep count: 2394 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 5380	Thread sleep time: -10145709240540247s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 5380	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 7148	Thread sleep count: 760 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 3872	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 6764	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\wbem\WMIADAP.exe TID: 2136	Thread sleep count: 2698 > 30
Source: C:\Windows\System32\wbem\WMIADAP.exe TID: 2136	Thread sleep count: 865 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6728	Thread sleep count: 1388 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6728	Thread sleep count: 583 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5748	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3788	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 3664	Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 5024	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 5080	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 6768	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 3424	Thread sleep count: 7375 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep count: 38 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -35048813740048126s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -599846s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -599689s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -599562s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -599359s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -599125s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -598786s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -598561s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -598403s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -598279s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -598171s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -598062s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 3424	Thread sleep count: 2262 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -597890s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -597724s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -597593s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -597463s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -597324s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -597175s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -596984s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -596812s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -596609s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -596459s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -596312s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -596168s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -596031s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -595901s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -595784s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -595656s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -595266s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -595098s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -594953s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -594757s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -594547s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -594359s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -594125s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -593921s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -593744s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -593622s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -593515s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -593406s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -593297s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -593184s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -593068s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -592937s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -592828s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -592718s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -592609s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -592499s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -592372s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -592258s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -592140s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -592031s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -591922s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -591801s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -591672s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -591562s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -591450s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -591343s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -591230s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -591121s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -590987s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -590859s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -590750s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -590640s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -590531s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -590422s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -590312s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -590202s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -590089s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -589984s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -589857s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -589594s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -589471s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -589245s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -589139s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -589030s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -588922s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -588812s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -588703s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 6300	Thread sleep time: -588593s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe TID: 1080	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe TID: 6628	Thread sleep count: 732 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe TID: 6628	Thread sleep count: 393 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe TID: 3712	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe TID: 2892	Thread sleep count: 244 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe TID: 5504	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 4208	Thread sleep count: 5444 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 5304	Thread sleep count: 809 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 5820	Thread sleep time: -14757395258967632s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 5820	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 7656	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 5356	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 4208	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe TID: 3716	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe TID: 1124	Thread sleep count: 732 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe TID: 5680	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe TID: 6048	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

File opened: PhysicalDrive0

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Manufacturer,SoftwareElementID,ReleaseDate from Win32_BIOS
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Windows\System32\wbem\WMIADAP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Manufacturer,SoftwareElementID,ReleaseDate from Win32_BIOS
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain,Workgroup,Domain FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain,Workgroup,Domain FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
Source: C:\Windows\System32\wbem\WMIADAP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 90000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 44937
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 44825
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 44702
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 44591
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 44476
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 44373
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 44265
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 44156
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 44047
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 43928
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 40000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 39855
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 39725
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 39604
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 39499
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 39389
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 90000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599891
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599781
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599672
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599552
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599422
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599313
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599203
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599094
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598969
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598735
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598610
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598485
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598360
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598235
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598110
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597985
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597735
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597610
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597485
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597360
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597235
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597110
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596985
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596735
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596610
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596485
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596360
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596235
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596110
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 595985
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599890
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599780
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599670
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599453
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599234
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599124
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598906
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598796
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598687
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598576
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598468
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598337
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598218
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598107
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597999
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597887
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597780
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597659
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597531
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597415
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597260
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597144
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596953
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596838
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596725
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596604
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596500
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596389
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596281
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596168
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596062
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595943
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595812
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595703
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595567
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595437
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595328
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595206
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595078
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594968
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594853
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594734
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594625
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594511
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594406
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594292
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594187
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594078
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 593968
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 593859
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599846
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599689
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599359
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599125
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598786
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598561
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598403
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598279
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598171
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598062
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597890
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597724
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597593
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597463
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597324
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597175
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596984
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596812
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596609
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596459
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596312
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596168
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596031
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595901
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595784
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595656
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595266
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595098
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594953
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594757
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594547
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594359
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594125
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593921
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593744
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593622
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593515
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593406
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593297
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593184
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593068
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592937
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592828
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592718
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592609
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592499
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592372
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592258
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592140
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 592031
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591801
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591672
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591450
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591230
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 591121
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590987
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590859
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590750
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590640
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590531
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590422
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590312
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590202
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 590089
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589984
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589857
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589594
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589471
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589245
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589139
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 589030
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 588922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 588812
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 588703
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 588593
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Thread delayed: delay time: 922337203685477

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-CheckSumValid.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Format-FileSize.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariableNames.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariable.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyUnzip.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyWebFile.ps1

Source: AgentPackageMonitoring.exe, 00000039.00000002.2965428168.000001ADFCA29000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2417534448.00000190F9097000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.HV Host ServiceHvHostStopped4
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2417534448.00000190F9097000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2694483826.000001CD4E462000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: svchost.exe, 00000024.00000002.3282921081.000001BA856BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @"VMware"
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2417534448.00000190F9097000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.Hyper-V Data Exchange ServicevmickvpexchangeStopped-
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2757310614.000001CD674B7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllbbH
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2421452555.00000190FA372000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceSynchronizes the system time of this virtual machine with the system time of the physical computer.Hyper-V Time Synchronization ServicevmictimesyncStopped
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2419749130.00000190FA2FB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServicevmicheartbeatvmicheartbeatStoppedvice"i
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2749532715.000001CD67380000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_Service.Name="vmicvss"
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual RAM2
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A2C0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A264000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2567768051.000001A92043A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2566330920.000001A920040000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2776222572.00000284EA574000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.2
Source: svchost.exe, 00000024.00000002.3281830285.000001BA85652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.VMware20,1NoneVMware-42 27 d9 2e dc 89 72 dd-92 e8 86 9f a5 a6 64 93
Source: AgentPackageProgramManagement.exe, 00000032.00000000.2625090760.00000284E9352000.00000002.00000001.01000000.00000029.sdmp	Binary or memory string: VMware Tools)Cisco Webex Meetings
Source: svchost.exe, 00000024.00000002.3283151994.000001BA856D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: *@SetPropValue.Manufacturer("VMware");
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.0Z?N
Source: svchost.exe, 00000024.00000002.3281504029.000001BA85600000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.VMware20,1NoneVMware-42 27 d9 2e dc 89 72 dd-92 e8 86 9f a5 a6 64 93nSS @
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware-42 27 d9
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.VMW201.00V.20829224.B64.221121184211/21/2022
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2417534448.00000190F9097000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2694483826.000001CD4E462000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2750830383.000001CD673A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Virtual disk
Source: svchost.exe, 00000024.00000003.2379442886.000001BA856F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @manufacturer"vmware"
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \|Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
Source: AgentPackageAgentInformation.exe, 00000013.00000002.2240859908.000001F3B2AD6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2420027978.00000190FA31B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServicevmicvssvmicvssStoppedoR
Source: AgentPackageAgentInformation.exe, 00000013.00000000.2222107135.000001F3998A2000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
Source: svchost.exe, 00000024.00000003.2379442886.000001BA856F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: *@"VMware Virtual disk"
Source: svchost.exe, 00000024.00000002.3282216415.000001BA856B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVirtual disk2.06000c292b65879ff477a6af604113f58PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 006000C292B65879FF477A6AF604113F58
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicshutdown
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD80298000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: svchost.exe, 00000024.00000002.3281830285.000001BA85652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: JSetPropValue.Manufacturer("VMware");
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD800E6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: IsVirtualMachine
Source: svchost.exe, 00000024.00000002.3282216415.000001BA856B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Virtual disk6000C292
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2694483826.000001CD4E462000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.HV Host ServiceHvHostStoppedM
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $Hyper-V Time Synchronization Service
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware20,1
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicvss
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2417534448.00000190F9097000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides a platform for communication between the virtual machine and the operating system running on the physical computer.Hyper-V Remote Desktop Virtualization ServicevmicrdvStoppedlM
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA IIES1371
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual RAM
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2417534448.00000190F9097000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2694483826.000001CD4E462000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2421452555.00000190FA372000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
Source: svchost.exe, 00000024.00000002.3282921081.000001BA856BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ,@"VMware"
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2421452555.00000190FA372000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: -Hyper-V Remote Desktop Virtualization Service
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2749532715.000001CD67380000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_Service.Name="vmicshutdown"
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat
Source: svchost.exe, 00000024.00000002.3281830285.000001BA85652000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dSetPropValue.FriendlyName("VMware Virtual disk");
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual R
Source: AteraAgent.exe, 0000000D.00000002.2132168207.000001E21A1E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%\System32\wuaueng.dll,-400
Source: svchost.exe, 00000024.00000002.3283151994.000001BA856D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: *@friendlyname"vmware virtual disk"x.dll
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2421452555.00000190FA372000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.Hyper-V PowerShell Direct ServicevmicvmsessionStopped\:+b1
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: AgentPackageHeartbeat.exe, 0000003B.00000002.2757395932.00000291A02D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2749532715.000001CD67380000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_Service.Name="vmicheartbeat"
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2750830383.000001CD673A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmicshutdown#
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2746641380.000001CD67326000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServicevmicvssvmicvssStopped
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "Win32_Service.Name="vmicheartbeat"p^
Source: AgentPackageMonitoring.exe, 00000022.00000002.2357000469.000001DCD93A9000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002C.00000002.2945196478.0000025234982000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllP
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2421452555.00000190FA372000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: svchost.exe, 00000024.00000002.3282216415.000001BA856B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ?XSCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: AgentPackageSTRemote.exe, 0000001F.00000002.2886888877.000001F031A90000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
Source: svchost.exe, 00000024.00000002.3282216415.000001BA856B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Virtual disk6000C292B65879FF477A6AF604113F580VMwareVirtual diskirt6000c292b65879ff477a6af604113f586af2.0
Source: AgentPackageMonitoring.exe, 00000039.00000002.2965428168.000001ADFCA29000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: eVMware
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware20,12
Source: svchost.exe, 00000024.00000002.3282216415.000001BA856B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Virtual disk6000C292B65879FF477A6AF604113F580VMwareVirtual disk6000c292b65879ff477a6af604113f582.0
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: rundll32.exe, 00000005.00000002.2075546427.00000000033DB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2176760876.0000000002E45000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2181276094.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2921074159.0000024FC5EBA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2422755981.00000190FA404000.00000004.00000020.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 00000037.00000002.2748921844.0000027F6F5B0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2972589705.000001ADFDB34000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2419749130.00000190FA2FB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServicevmicshutdownvmicshutdownStopped/
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dd-92 e8 86 9f a5 a6 64 93VMware20,1
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware-42 27 d9 2e dc 89 72 dd-92 e8 86 9f a5 a6 64 93
Source: AteraAgent.exe, 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2355757363.000001DCD8C72000.00000002.00000001.01000000.0000001D.sdmp	Binary or memory string: get_IsVirtualMachine
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2421452555.00000190FA372000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.Hyper-V Guest Service InterfacevmicguestinterfaceStopped
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Win32_Service.Name="vmicvss"p^
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2421452555.00000190FA372000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: !Win32_Service.Name="vmicshutdown"p^
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2694483826.000001CD4E462000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides a platform for communication between the virtual machine and the operating system running on the physical computer.Hyper-V Remote Desktop Virtualization ServicevmicrdvStoppedC
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 6VMware-42 27 d9 2e dc 89 72 dd-92 e8 86 9f a5 a6 64 93
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2750830383.000001CD673A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MSFT_PhysicalDisk{1}\\user-PC\root/Microsoft/Windows/Storage/Providers_v2\SPACES_PhysicalDisk.ObjectId="{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{baefc400-1cb2-6d19-d2b5-4ac4ae014b83}"6000C292B65879FF477A6AF604113F58VMware Virtual diskVMwareVirtual disk6000c292b65879ff477a6af604113f58PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
Source: svchost.exe, 00000024.00000002.3283151994.000001BA856D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @SetPropValue.Manufacturer("VMware");
Source: svchost.exe, 00000024.00000002.3282216415.000001BA8569A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: (@SetPropValue.FriendlyName("VMware Virtual disk");
Source: svchost.exe, 00000024.00000003.2379414656.000001BA856E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SPACES_PhysicalDisk{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{baefc400-1cb2-6d19-d2b5-4ac4ae014b83}6000C292B65879FF477A6AF604113F58VMware Virtual diskVMwareVirtual disk6000c292b65879ff477a6af604113f58PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
Source: svchost.exe, 00000024.00000002.3282216415.000001BA856B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVirtual disk2.06000c292b65879ff477a6af604113f58PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2694483826.000001CD4E462000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.Hyper-V Data Exchange ServicevmickvpexchangeStopped
Source: AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: !Hyper-V PowerShell Direct Service
Source: svchost.exe, 00000024.00000002.3283453505.000001BA856F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: (@manufacturer"vmware"
Source: AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II2

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\sppsvc.exe	Process queried: DebugPort
Source: C:\Windows\System32\sppsvc.exe	Process queried: DebugPort
Source: C:\Windows\System32\sppsvc.exe	Process queried: DebugPort

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 34_2_00007FF89FF05E14 IsDebuggerPresent,__crtUnhandledException,GetCurrentProcess,TerminateProcess,

34_2_00007FF89FF05E14

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 34_2_00007FF89FF4AFB0 OutputDebugStringA,GetProcessHeap,OutputDebugStringA,GetLastError,lstrlenW,HeapAlloc,OutputDebugStringA,GetEnvironmentVariableW,OutputDebugStringA,GetLastError,OutputDebugStringA,GetModuleFileNameW,lstrlenW,OutputDebugStringA,lstrcatW,lstrcatW,lstrcatW,GetFileAttributesW,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,WinVerifyTrust,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,GetProcAddress,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetEnvironmentVariableW,OutputDebugStringA,GetCurrentThreadId,GetCurrentProcessId,wsprintfW,GetEnvironmentVariableW,SetEnvironmentVariableW,_errno,_errno,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetLastError,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,HeapFree,_snprintf,OutputDebugStringA,

34_2_00007FF89FF4AFB0

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

34_2_00007FF89FF11910

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 34_2_00007FF89FF07A84 GetProcessHeap,

34_2_00007FF89FF07A84

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Process token adjusted: Debug

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 34_2_00007FF89FF0ACD4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,

34_2_00007FF89FF0ACD4

Source: C:\Windows\SysWOW64\rundll32.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe

Network Connect: 40.119.152.241 443

Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="pbell@solutionzsecurity.com" /CompanyId="20" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q3000001lTaiIAE" /AgentId="687399e7-85e9-4e3a-8465-e1cdfab81e34"	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "16038b3c-d35a-4c69-b34e-6367184ec3ca" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "2a1a3dc9-6072-498e-b1b6-fcd7a9da4519" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "79bc36b0-3b49-4e44-ab46-b92058304cdc" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "78309870-edc4-47c0-bbf7-c19973e138fe" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "bd4bff8f-27a8-4dc1-872a-980375696b10" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "9126087d-b76b-4264-814a-f2ee6afd34d4" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "b8b132d1-7f13-4735-aac8-7ef47e479aab" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "cbde5df1-15a4-4fef-92d1-c63c8c70d7ff" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "ce61aaf7-c4bb-4ea2-b8bb-461de1d02139" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "afad775b-451e-4311-9587-744c8d434acb" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "5ee99619-9843-4e71-8ec6-100034578c04" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "6a2bb835-f7f4-4652-b67d-6f8ee428937d" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q3000001lTaiIAE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process created: C:\Windows\System32\msiexec.exe "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 34_2_00007FF89FF0739C cpuid

34_2_00007FF89FF0739C

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI957D.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI957D.tmp-\AlphaControlAgentInstallation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI97E0.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI97E0.tmp-\AlphaControlAgentInstallation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI97E0.tmp-\Newtonsoft.Json.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIA8D8.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIA8D8.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIBF53.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIBF53.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIBF53.tmp-\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\ThirdPartyPackageManager.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\log4net.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI88A0.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI88A0.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Polly.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentCommunication.Models.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\SharpSnmpLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 34_2_00007FF89FF0CC04 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

34_2_00007FF89FF0CC04

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 34_2_00007FF89FF085D4 _lock,_get_daylight,_get_daylight,_get_daylight,___lc_codepage_func,free,_malloc_crt,_invoke_watson,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,

34_2_00007FF89FF085D4

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiVirusProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiSpywareProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from FirewallProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiVirusProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiSpywareProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from FirewallProduct

Stealing of Sensitive Information

Queries disk data (e.g. SMART data)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Device IO: \Device\Harddisk0\DR0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Device IO: \Device\Harddisk0\DR0

Remote Access Functionality

Yara detected AteraAgent

Source: Yara match	File source: 23.2.AteraAgent.exe.24fadd93f58.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 50.0.AgentPackageProgramManagement.exe.284e9350000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.AgentPackageAgentInformation.exe.1f3998a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.AgentPackageAgentInformation.exe.1f39a1d0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 47.0.AgentPackageTicketing.exe.27477d60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.AteraAgent.exe.1e27f4a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.0.AgentPackageUpgradeAgent.exe.2521b760000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.AteraAgent.exe.24fadb80da0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 55.0.AgentPackageInternalPoller.exe.27f6e2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.0.AgentPackageMonitoring.exe.1dcd87e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.0.AgentPackageSTRemote.exe.1f0188b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.2.AgentPackageMonitoring.exe.1dcd8c70000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 59.2.AgentPackageHeartbeat.exe.291876b0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000039.00000002.2952874607.000001ADFB91F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2354573385.000001DCD88D0000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000034.00000002.2855793234.00000206A0E3F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2879114266.000002521B997000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2760893246.00000284E956E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2412488511.0000019080237000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2821624873.000001F01948F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000034.00000002.2855793234.00000206A0E48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2760893246.00000284E957C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2886888877.000001F031A90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2970797378.000001ADFD9F9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000000.2620572865.0000027477D62000.00000002.00000001.01000000.00000028.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2412488511.0000019080209000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907AA9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000003.2578829905.000001D1FDC40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2418789755.00000190F93A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2748921844.0000027F6F5B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907EDB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2745515250.000001CD672F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2952874607.000001ADFB8E8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2076672562.0000000005041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2131297055.000001E201A42000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.2638898710.000001D1FDB2C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2933069437.0000024FC63B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2185549667.0000000004C41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2239054946.000001F399A30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2762276165.000001CD675BF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2417534448.00000190F9053000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2820363756.000001F018CA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2746641380.000001CD6731D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907DBD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2698224529.0000028480485000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAE0B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2569096756.000001A9204E5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2895950348.000002521BA85000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2694483826.000001CD4E425000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2748921844.0000027F6F623000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2921074159.0000024FC5EBA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.3286337377.0000027400062000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2732675066.0000027F6E500000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2805553580.000001F018AC0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A90782E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FADE52000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2762901914.0000024FACE60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003B.00000002.2722169194.00000291872E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2879114266.000002521B9E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FADEBB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD806F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAE03E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2133638170.000001E27F670000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2762901914.0000024FACE9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2355864450.000001DCD8CA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2632395203.00000204389A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2259374577.0000018323563000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2332955481.000002A05A9F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2952874607.000001ADFB964000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2357000469.000001DCD93A9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.2638898710.000001D1FDB43000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAE088000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2701402484.000001CD4EA33000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2774262893.00000284EA500000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2701402484.000001CD4E9C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD806BE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2567768051.000001A92047E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2698224529.0000028480632000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2701402484.000001CD4EFAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2131297055.000001E201A76000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2133638170.000001E27F5E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2771153244.0000024FAD100000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD80439000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2945196478.00000252349D7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2694483826.000001CD4E3E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FADD70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003B.00000002.2757395932.00000291A02D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2896600166.000002521BC40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2240195040.000001F39A3E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907BDC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2259374577.0000018323573000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2762901914.0000024FACEE6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2748921844.0000027F6F606000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000000.2277452564.000001F0188B2000.00000002.00000001.01000000.0000001A.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FADB13000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000034.00000003.2806116888.00000206A0D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2334594137.0000015681BDB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2698224529.0000028480245000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2944848489.0000025234976000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2879114266.000002521B995000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2901298634.000002521C31D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2632395203.000002043893F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2636285066.0000020438BC0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2566330920.000001A92008A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2757310614.000001CD674B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2376302276.00007FF8A0099000.00000004.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2701402484.000001CD4EA07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2693599901.000001CD4E340000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2694483826.000001CD4E462000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2698224529.0000028480363000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2942674637.0000025234940000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD800E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2567768051.000001A92043A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2901298634.000002521C0B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2240195040.000001F39A3D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2632395203.0000020438920000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2239875932.000001F39A1D2000.00000002.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2744316303.0000027F6E710000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000003.2656762957.000000000404B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2970445601.000001ADFD9E8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2239054946.000001F399A78000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2133638170.000001E27F60C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2354693153.000001DCD89FC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2554366052.000001A907016000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAD70C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2258664739.0000018322D1C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2258664739.0000018322CCC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2363956600.000001DCF29C5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2259374577.00000183234F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2698224529.0000028480629000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2258664739.0000018322C99000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2567768051.000001A92046E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD80291000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2419452759.00000190FA2C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2076672562.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2696231813.0000027F0023B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2258664739.0000018322C90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2901298634.000002521C32E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003B.00000002.2742395744.0000029187550000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907BFA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2423765558.00000190FA4BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD8051C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003B.00000002.2722169194.00000291873C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2131297055.000001E201A8C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2637452817.0000020439243000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2933069437.0000024FC6354000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2334594137.0000015681BD0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2185549667.0000000004CE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000034.00000002.2855135925.00000206A0390000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.2638898710.000001D1FDB20000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2696231813.0000027F0022F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2239576380.000001F399B70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD803CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003B.00000002.2745116449.0000029187D5E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2886888877.000001F031B19000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2701402484.000001CD4EF63000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD806A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2694483826.000001CD4E3FF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000034.00000003.2853143706.00000206A037B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2422198804.00000190FA3C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2952874607.000001ADFB8FB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.3286337377.0000027400001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2970114929.000001ADFD7D7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2696231813.0000027F00239000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2879114266.000002521BA42000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.2635451187.0000024036000000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2554366052.000001A906FCC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2732675066.0000027F6E58D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD806EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2965428168.000001ADFC960000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2970203862.000001ADFD9D5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2780389507.00000284EA829000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAE144000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907A59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2364494832.000001DCF2BF0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2776222572.00000284EA574000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907BF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2239054946.000001F399B05000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2131297055.000001E201999000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2960254708.000001ADFBBA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD8057B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2354693153.000001DCD8A32000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2879114266.000002521B970000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD80298000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000034.00000002.2855135925.00000206A0395000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000034.00000003.2853404465.00000206A038E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907AF2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2921074159.0000024FC5E70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2357595267.000001DCD99F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2637452817.00000204391C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD80667000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2334594137.0000015681BF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2133163408.000001E21A4B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000000.2625090760.00000284E9352000.00000002.00000001.01000000.00000029.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2921074159.0000024FC5E9D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2239054946.000001F399A70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2945196478.0000025234982000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2732675066.0000027F6E5CF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2239054946.000001F399ABC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2553981970.000001A906EC0000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555574617.000001A9072D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2417534448.00000190F904D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003B.00000002.2743014013.00000291876B2000.00000002.00000001.01000000.00000032.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2933069437.0000024FC636D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003B.00000002.2745116449.0000029187C11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2354693153.000001DCD8A3C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2131297055.000001E2019CA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2805553580.000001F018B0A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2952874607.000001ADFB91B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2131297055.000001E2019C2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAD6A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2554366052.000001A906F90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2760893246.00000284E95B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2421857675.00000190FA397000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD806B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2334684601.0000015681CD0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD80001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2696231813.0000027F0001E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2696231813.0000027F00237000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2694483826.000001CD4E41B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2972589705.000001ADFDBA7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907E8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2698224529.000002848034A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2762619531.0000024FACE00000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000034.00000003.2853143706.00000206A0395000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAE082000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2698224529.000002848063C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2752382923.000000C390DB5000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000000.2222107135.000001F3998A2000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2133638170.000001E27F5E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.2639146065.000001D1FDC20000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAE07B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2696231813.0000027F00170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2701402484.000001CD4EFAE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2698224529.000002848062E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2933069437.0000024FC63C5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2876800438.000002521B950000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.3280691949.000000B0112F1000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2412488511.0000019080001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2357000469.000001DCD9340000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FADF79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2632395203.0000020438928000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2698224529.0000028480218000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2412488511.000001908023B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2412488511.0000019080173000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.3286337377.000002740007F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2886888877.000001F031B2A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2970886953.000001ADFD9FD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2696231813.0000027F00020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2805553580.000001F018B02000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2696231813.0000027F00001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAE0A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A9077C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FADF51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2632395203.000002043895E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.3030901880.00007FF8A13D9000.00000004.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2552517246.00000097EB0F5000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000000.2663182188.0000027F6E2F2000.00000002.00000001.01000000.00000030.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2355757363.000001DCD8C72000.00000002.00000001.01000000.0000001D.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2732675066.0000027F6E50C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000000.2592799756.000002521B762000.00000002.00000001.01000000.00000027.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2760893246.00000284E954F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2259208916.0000018322E60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2698224529.000002848050F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAD9BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2354693153.000001DCD8A7E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2363859046.000001DCF27C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000034.00000003.2854093820.00000206A038A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2821624873.000001F019311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2133194920.000001E21A500000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2698224529.00000284803FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2567768051.000001A920400000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000003.2270612319.0000015681CF0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2852389985.000001AD80287000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2357595267.000001DCD9451000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2921074159.0000024FC5F37000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2952426101.000001ADFB850000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2354693153.000001DCD89F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003B.00000002.2722169194.00000291872EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2762901914.0000024FACF34000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000034.00000002.2854984976.00000206A038B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2417534448.00000190F9097000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2698224529.000002848022C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2412488511.0000019080299000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907CA9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2965428168.000001ADFCA29000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003B.00000002.2722169194.0000029187368000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2134536514.00007FF848B34000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FADD3D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2258664739.0000018322CAC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2133638170.000001E27F604000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2133638170.000001E27F62D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2364282339.000001DCF29D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2901298634.000002521C224000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2134145731.000001E27F980000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2770327397.00000284E9810000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2566330920.000001A920040000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2417534448.00000190F9010000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2952874607.000001ADFB8E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003B.00000002.2722169194.0000029187321000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2133638170.000001E27F622000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000000.2096756526.000001E27F4A2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000034.00000003.2853404465.00000206A0395000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAD9AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2131297055.000001E20199C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2933069437.0000024FC6408000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FADDA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2760893246.00000284E9530000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000037.00000002.2732675066.0000027F6E540000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2131297055.000001E2019C4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2760893246.00000284E9538000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2821624873.000001F019388000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2805553580.000001F018B4E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAD82F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.2698224529.0000028480001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2412488511.0000019080094000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2131297055.000001E201911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2701402484.000001CD4EB92000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2240195040.000001F39A361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2821624873.000001F019519000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 6432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 5760, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 4480, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AteraAgent.exe PID: 2608, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AteraAgent.exe PID: 5808, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7096, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7148, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 5760, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AteraAgent.exe PID: 5312, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7084, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 3656, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cscript.exe PID: 6408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageSTRemote.exe PID: 5952, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageMonitoring.exe PID: 5784, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 2604, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 1360, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cscript.exe PID: 6436, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageUpgradeAgent.exe PID: 4368, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageUpgradeAgent.exe PID: 828, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageTicketing.exe PID: 1960, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageProgramManagement.exe PID: 5732, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: msiexec.exe PID: 1248, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 5820, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageInternalPoller.exe PID: 6096, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageMonitoring.exe PID: 4536, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageHeartbeat.exe PID: 4456, type: MEMORYSTR
Source: Yara match	File source: C:\Windows\Temp\~DF30D1C3A3F3C52661.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF6D84DA21E88EAFF2.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF1DAD5CE241DBBC25.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFF9B7B2C39BDCF2F8.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSI88A0.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF11AD082751D839CE.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF9745840C1C01DA85.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF809B400B5BDB2188.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFD3AFA7BC325B0CD8.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\AteraSetupLog.txt, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF8BA79504650458FA.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\choco.summary.log, type: DROPPED
Source: Yara match	File source: C:\Config.Msi\6f9475.rbs, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF1949AFECA6666438.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF6D0646B451E9EB1D.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFF5F5D090B199066A.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFBED9AFADF480C9A1.TMP, type: DROPPED
Source: Yara match	File source: C:\Config.Msi\6f947a.rbs, type: DROPPED
Source: Yara match	File source: \Device\ConDrv, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFDB3EB0E6CE23FF85.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSI97E0.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFA618C08E10C9A02E.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF2578F7C9837AD8AA.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFE369163077145993.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.32_(x64)_20241009125355_001_dotnet_hostfxr_6.0.32_win_x64.msi.log, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFB03E3A2372E7CF43.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIAB1B.tmp, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIAE8A.tmp, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFCB5B588360CD50FC.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF93D35BD8DB6BB701.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF6413D90088728547.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIA8D8.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFB5AEC5BD5DED6FE8.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF51492CE7C717C66A.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF2CE5038A7892C755.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF13D2EE8723F9B19A.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIBF53.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF0C54FFDF209D7A2B.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF9A1AE7BD619E298A.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFF316DEB06EBD2809.TMP, type: DROPPED
Source: Yara match	File source: C:\Config.Msi\6f9482.rbs, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFFEEDD9334B4A8F90.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFEF8364792F298A7B.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\10-09-2024 12_53_25-log.txt, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF702159476DFB4BB0.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.32_(x64)_20241009125355_000_dotnet_runtime_6.0.32_win_x64.msi.log, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\log.txt, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.32_(x64)_20241009125355_002_dotnet_host_6.0.32_win_x64.msi.log, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIC998.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFE1EF213AB4B15E7B.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSI957D.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF1E7ADEA6E62D9FA1.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF55EB2CC3425FD98C.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFFD136A2343B2DC6B.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFA4AB1E7FE9D71377.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe, type: DROPPED

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 34_2_00007FF89FF4B9F0 GetModuleHandleW,OutputDebugStringA,GetProcAddress,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,OutputDebugStringA,GetLastError,GetProcAddress,OutputDebugStringA,OutputDebugStringA,CorBindToRuntimeEx,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,_snprintf,OutputDebugStringA,

34_2_00007FF89FF4B9F0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Replication Through Removable Media	641 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	21 Disable or Modify Tools	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	22 Windows Service	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Command and Scripting Interpreter	22 Windows Service	111 Process Injection	4 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	11 Scheduled Task/Job	1 Software Packing	NTDS	275 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	11 Service Execution	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	1 Query Registry	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	781 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 File Deletion	DCSync	11 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	123 Masquerading	Proc Filesystem	371 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Modify Registry	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	371 Virtualization/Sandbox Evasion	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	111 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Rundll32	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
setup_north_west_arctic_borrough.msi	21%	ReversingLabs	Win32.Trojan.Atera

Dropped Files

Source	Detection	Scanner	Label
6f947e.rbf (copy)	0%	ReversingLabs
6f9480.rbf (copy)	0%	ReversingLabs
6f9481.rbf (copy)	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	26%	ReversingLabs	Win32.Trojan.Atera
C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Infrastructure.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Tools.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\CliWrap.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Abstractions.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Binder.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.CommandLine.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.EnvironmentVariables.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.FileExtensions.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Json.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.UserSecrets.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.DependencyInjection.Abstractions.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.DependencyInjection.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Abstractions.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Physical.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileSystemGlobbing.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.Abstractions.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Http.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Abstractions.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Configuration.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Console.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Debug.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventLog.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventSource.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.ConfigurationExtensions.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Primitives.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Win32.TaskScheduler.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Newtonsoft.Json.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Polly.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Extensions.Hosting.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Extensions.Logging.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Sinks.File.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Diagnostics.DiagnosticSource.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Diagnostics.EventLog.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.ServiceProcess.ServiceController.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Encodings.Web.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Json.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\de\Microsoft.Win32.TaskScheduler.resources.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\es\Microsoft.Win32.TaskScheduler.resources.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\fr\Microsoft.Win32.TaskScheduler.resources.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\it\Microsoft.Win32.TaskScheduler.resources.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\pl\Microsoft.Win32.TaskScheduler.resources.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\ru\Microsoft.Win32.TaskScheduler.resources.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\browser\lib\net6.0\System.Text.Encodings.Web.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.Messages.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.ServiceProcess.ServiceController.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://repository.swisssign.com/0	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.datacontract.org/2004/07/SystemV	System.Private.DataContractSerialization.dll.1.dr	false		unknown
http://www.gnu.org/	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://ps.atera.com/agentpackagesmac/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://atera-agent-heartbeat.servicebus.windows.net/agentheartbeat/messages	AgentPackageHeartbeat.exe, 0000003B.00000002.2745116449.0000029187C11000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://pwnt.co	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://ps.atera.com/agentpackageswin/AgentPackageSTRemote/16.0/AgentPackageSTRemote.zip	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90788E000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ch0.co/packages_config	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
http://www.nlog-project.org/schemas/NLog.xsd	AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB13000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://schemas.datacontract.org	AteraAgent.exe, 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/687399e7	AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://community.chocolatey.org/packages/checksum.	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip?ZHfN0q	AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.ateH:	AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF51000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.atera.com/installers/EO.WebBrowser/eo.webbrowser.24.1.46.nupkgX	AgentPackageTicketing.exe, 0000002F.00000002.3286337377.000002740007F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.atera.com/agentpackageswin/AgentPackageInternalPoller/15.9/AgentPackageInternalPoller.zip	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.atera.com/agentpackageswin/AgentPackageUpgradeAgent/22.1/AgentPackageUpgradeAgent.zip	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://logging.apache.org/log4net/release/faq.html#trouble-EventLog	AgentPackageProgramManagement.exe, 00000032.00000002.2771666679.00000284EA3D2000.00000002.00000001.01000000.0000003B.sdmp	false		unknown
https://chocolatey.org/contact.	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://nlog-project.org/	AgentPackageMonitoring.exe, 00000022.00000002.2363008611.000001DCF1CC8000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp	false		unknown
https://ps.atera.com/agentpackagesmac/AgentPackageProgramManagement/24.9/AgentPackageProgramManageme	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://agent-api.atera.com/Production/Agent/track-event	rundll32.exe, 00000005.00000002.2076672562.0000000005041000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2076672562.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004C41000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004CE4000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://aka.ms/dotnet/app-launch-failed	AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://dl.google.com/googletalk/googletalk-setup.exe	AteraAgent.exe, 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000000.2222107135.000001F3998A2000.00000002.00000001.01000000.00000016.sdmp	false		unknown
http://repository.swisssign.com/0	AteraAgent.exe, 0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.chocolatey.org/packages/checksum)	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
http://stackoverflow.com/questions/265339/whats-the-best-way-to-automate-secure-ftp-in-powershell	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEMONITORING/36.9/AGENTPACKAGEMONITORING.ZIP	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907DBD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907A59000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://stackoverflow.com/questions/518181/too-many-automatic-redirections-were-attempted-error-messa	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
http://somewhere123zzaafasd.invalidUAttempting	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://ps.atera.com/agentpackagesmac/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://somehwere/something.exe	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_config.gif	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
http://schemas.datacontract.org/2004/07/System.ServiceProcess	AteraAgent.exe, 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://community.chocolatey.org/api/v2/h	AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480485000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480363000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.atera.com/agentpackagescrossplatform/AgentPackageMonitoring/0.40/AgentPackageMonitoring.z	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907CA9000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://docs.chocolatey.org/en-us/choco/commands/uninstall	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://my.splashtop.com/csrs/win	AgentPackageSTRemote.exe, 0000001F.00000000.2277452564.000001F0188B2000.00000002.00000001.01000000.0000001A.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F019388000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://docs.chocolatey.org/en-us/create/automatic-packages#automatic-updater-au	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://github.com/downloads/spraints/git-tfs/GitTfs-0.11.0.zip	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
http://wixtoolset.org	rundll32.exe, 00000004.00000003.2030969120.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.000000000488A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000036.00000003.2656762957.000000000407C000.00000004.00000020.00020000.00000000.sdmp, setup_north_west_arctic_borrough.msi	false		unknown
https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	false		unknown
HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEHEARTBEAT/17.14/AGENTPACKAGEHEARTBEAT.ZIP	AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD8C8000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://chocolatey.org/compare.	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://agent-api.atera.com/Production/Agent/track-event;	rundll32.exe, 00000005.00000002.2076672562.0000000005126000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004D26000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD76F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://acontrol.atera.com/	AteraAgent.exe, 0000000D.00000000.2096756526.000001E27F4A2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A9077C1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD6A1000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://agent-api.atera.com/Production/Agent/dynamic-fields/	AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.000001908023B000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://agent-api.atera.com/Production/Agent/AgentStarting)	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907CA9000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://docs.nuget.org/create/Nuspec-Reference.	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907BDC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90789A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90788E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A9078AA000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zip	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A90788E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://docs.chocolatey.org/en-us/guides/create/create-custom-package-templates	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	rundll32.exe, 00000005.00000002.2076672562.0000000005041000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2076672562.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A9077C1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004C41000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004CE4000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2240195040.000001F39A3E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD6A1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.000001908023B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F019388000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EB92000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002C.00000002.2901298634.000002521C0B1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageTicketing.exe, 0000002F.00000002.3286337377.0000027400001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 00000037.00000002.2696231813.0000027F00020000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000039.00000002.2852389985.000001AD80298000.00000004.00000800.00020000.00000000.sdmp, AgentPackageHeartbeat.exe, 0000003B.00000002.2745116449.0000029187C11000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://pki.registradores.org/normativa/index.htm0	AteraAgent.exe, 0000000E.00000002.2571672429.000001A9208D7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.chocolatey.org/api/v2/	AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.000002848022C000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/29.5/AgentPackageTicketing.zip?ZHfN0qm	AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://community.chocolatey.org/packages).	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://docs.chocolatey.org/en-us/create/functions/get-toolslocation	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://community.chocolatey.org/api/v2	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGERUNTIMEINSTALLER/1.6/AGENTPACKAGERUNTIMEINSTALLE	AteraAgent.exe, 00000017.00000002.2772005780.0000024FADA07000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?	AteraAgent.exe, 0000000E.00000002.2569096756.000001A9205CA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://my.splashtop.com	AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F019469000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.atera.com/agentpackagesmac/AgentPackageOsUpdates/19.9/AgentPackageOsUpdates.zip	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://github.com/dotnet/runtimew	System.Threading.Tasks.Dataflow.dll.1.dr	false		unknown
https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/19.9/AgentPackageOsUpdates.zip	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD787000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://api.nuget.org/v3-flatcontainer/eo.webbrowser/24.1.46/eo.webbrowser.24.1.46.nupkg	AgentPackageTicketing.exe, 0000002F.00000002.3286337377.000002740007F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_outdated.gif	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://community.chocolatey.org/api/v2/P	AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.000002848050F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://docs.chocolatey.org/en-us/create/functions/uninstall-binfile	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://ps.atera.com/agentpackageswin/AgentPackageNetworkDiscovery/15.0/AgentPackageNetworkDiscovery	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8f1e91b8-fd97-42af-b4dc-8005990eaa32	AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB9E000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.ateH:%	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907DBD000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://atera-agent-heartbeat.servicebus.windows.net/	AgentPackageHeartbeat.exe, 0000003B.00000002.2745116449.0000029187C11000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0	AteraAgent.exe, 0000000E.00000002.2571672429.000001A9208B6000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://licensedpackages.chocolatey.org/api/v2/	AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480001000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://westeurope-5.in.applicationinsights.azure.com/;LiveEndpoint=https://westeurope.livediagnosti	AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://schemas.datacontract.org/2004/07/System.Runtime.Serialization	System.Private.DataContractSerialization.dll.1.dr	false		unknown
https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.ziph	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.w3.or	AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480485000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480245000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480218000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.00000284803FA000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://community.chocolatey.org/packages/autohotkey.portable	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://gist.github.com/jvshahid/6fb2f91fa7fb1db23599	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAF31000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=64ef405e-75c0-4362-afc6-b57a0ead3663	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ps.atera.com/agentpackagesmac/AgentPackageHeartbeat/17.11/AgentPackageHeartbeat.zip	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://somewhere/bob.exe	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://community.chocolatey.org/api/v2/8	AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.000002848063C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000032.00000002.2698224529.0000028480001000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://download.splashtop.com	AgentPackageSTRemote.exe, 0000001F.00000002.2821624873.000001F01948F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://aka.ms/dotnet/app-launch-failed&gui=trueShowing	AteraAgent.exe, 00000017.00000002.2933069437.0000024FC6449000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://docs.chocolatey.org/en-us/create/functions/get-osarchitecturewidth	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://docs.chocolatey.org/en-us/create/functions/uninstall-chocolateyzippackage	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip	AteraAgent.exe, 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD76F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://agent-api.atera.com	rundll32.exe, 00000004.00000003.2030969120.0000000004D16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2076672562.0000000005041000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037606500.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2076672562.00000000050E4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2079152395.0000000004403000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907AFB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A9077C1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2555885176.000001A907CA9000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004C41000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2185549667.0000000004CE4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2240195040.000001F39A3E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FAD6A1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2772005780.0000024FADB70000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080209000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.0000019080173000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2412488511.000001908023B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000027.00000002.2701402484.000001CD4EB92000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://www.nuget.org/packages/NLog.Web.AspNetCore	AgentPackageMonitoring.exe, 00000022.00000002.2363008611.000001DCF1CC8000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2362483331.000001DCF1BF2000.00000002.00000001.01000000.00000023.sdmp	false		unknown
https://github.com/dahlbyk/posh-git/blob/1941da2472eb668cde2d6a5fc921d5043a024386/LICENSE.txt	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://docs.chocolatey.org/en-us/create/functions/install-chocolateyshortcut	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAFA4000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
http://www.w3.oh	AteraAgent.exe, 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.jrsoftware.org/ishelp/index.php?topic=setupexitcodes	AgentPackageProgramManagement.exe, 00000032.00000002.2787371352.00000284EAD22000.00000002.00000001.01000000.0000003D.sdmp	false		unknown
https://ps.ateHX	AteraAgent.exe, 00000017.00000002.2772005780.0000024FADF77000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://agent-api.atera.com/Production/Agent/thresholds/687399e7-85e9-4e3a-8465-e1cdfab81e34	AgentPackageMonitoring.exe, 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.35.58.57	unknown	United States	16509	AMAZON-02US	false
40.119.152.241	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
93.184.221.240	unknown	European Union	15133	EDGECASTUS	false
35.157.63.227	unknown	United States	16509	AMAZON-02US	false
13.107.246.51	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.86.89.202	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
35.71.184.3	unknown	United States	237	MERIT-AS-14US	false
192.229.221.95	unknown	United States	15133	EDGECASTUS	false
18.239.36.114	unknown	United States	16509	AMAZON-02US	false
20.60.197.1	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1530140
Start date and time:	2024-10-09 18:51:31 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	65
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	setup_north_west_arctic_borrough.msi
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winMSI@112/940@0/10
EGA Information:	Successful, ratio: 16.7%
HCA Information:	Successful, ratio: 59% Number of executed functions: 386 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .msi

Warnings

Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, SIHClient.exe
Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 5760 because it is empty
Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 7148 because it is empty
Execution Graph export aborted for target AgentPackageSTRemote.exe, PID 5952 because it is empty
Execution Graph export aborted for target AteraAgent.exe, PID 2608 because it is empty
Execution Graph export aborted for target AteraAgent.exe, PID 5312 because it is empty
Execution Graph export aborted for target AteraAgent.exe, PID 5808 because it is empty
Execution Graph export aborted for target rundll32.exe, PID 4480 because it is empty
Execution Graph export aborted for target rundll32.exe, PID 5760 because it is empty
Execution Graph export aborted for target rundll32.exe, PID 6432 because it is empty
Execution Graph export aborted for target rundll32.exe, PID 7096 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtSetValueKey calls found.
Report size getting too big, too many NtWriteFile calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: setup_north_west_arctic_borrough.msi

Simulations

Behavior and APIs

Time	Type	Description
12:52:26	API Interceptor	2x Sleep call for process: rundll32.exe modified
12:52:29	API Interceptor	1317x Sleep call for process: AteraAgent.exe modified
12:52:42	API Interceptor	37x Sleep call for process: AgentPackageAgentInformation.exe modified
12:52:47	API Interceptor	1942x Sleep call for process: AgentPackageSTRemote.exe modified
12:52:51	API Interceptor	41x Sleep call for process: AgentPackageMonitoring.exe modified
12:53:25	API Interceptor	11x Sleep call for process: AgentPackageProgramManagement.exe modified
12:53:26	API Interceptor	24008x Sleep call for process: AgentPackageTicketing.exe modified
12:53:27	API Interceptor	12x Sleep call for process: AgentPackageHeartbeat.exe modified
12:53:44	API Interceptor	7x Sleep call for process: AgentPackageUpgradeAgent.exe modified
18:53:20	Task Scheduler	Run new task: Monitoring Recovery path: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe s>schedulerrun
18:53:56	Autostart	Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce {ff783edd-4e4e-491d-9d9c-72f3aa70cedf} "C:\ProgramData\Package Cache\{ff783edd-4e4e-491d-9d9c-72f3aa70cedf}\dotnet-runtime-6.0.32-win-x64.exe" /burn.runonce
18:54:17	Task Scheduler	Run new task: AteraAgentServiceWatchdog path: C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe s>eyJBZ2VudElkIjoiNjg3Mzk5ZTctODVlOS00ZTNhLTg0NjUtZTFjZGZhYjgxZTM0IiwiQ29tbWFuZElkIjoiNGViOGIzYWUtM2ExZS00YzdiLWE3ZjMtODg0ZGIyNzIxODk4IiwiQWNjb3VudElkIjoiMDAxUTMwMDAwMDFsVGFpSUFFIiwiQWdlbnRBcGlIb3N0IjoiYWdlbnQtYXBpLmF0ZXJhLmNvbS9Qcm9kdWN0aW9uIiwiQXJndW1lbnRzIjoie1x1MDAyMkNvbW1hbmROYW1lXHUwMDIyOlx1MDAyMmhlYWx0aGNoZWNrXHUwMDIyfSIsIkFnZW50RGlyZWN0b3J5IjoiIn0=

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
13.35.58.57	SecuriteInfo.com.Program.RemoteAdminNET.1.7216.330.msi	Get hash	malicious	AteraAgent	Browse
40.119.152.241	TRABALHO----PROCESSO0014S55-S440000000S1.msi	Get hash	malicious	AteraAgent	Browse
	SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi	Get hash	malicious	AteraAgent	Browse
	AdobeUpdate.msi	Get hash	malicious	AteraAgent	Browse
	SecuriteInfo.com.Program.RemoteAdminNET.1.3218.16257.msi	Get hash	malicious	AteraAgent	Browse
	SecuriteInfo.com.Program.RemoteAdminNET.1.22990.5900.msi	Get hash	malicious	AteraAgent	Browse
	Y3Wvl9aYAU.cmd	Get hash	malicious	AteraAgent	Browse
	SecuriteInfo.com.Program.RemoteAdminNET.1.15125.10364.msi	Get hash	malicious	AteraAgent	Browse
	SecuriteInfo.com.Program.RemoteAdminNET.1.7216.330.msi	Get hash	malicious	AteraAgent	Browse
	4PP--0001S4D8S_DANFE000S1AS4SD5555522A1111.msi	Get hash	malicious	AteraAgent	Browse
	setup_it_security (1).msi	Get hash	malicious	AteraAgent	Browse
93.184.221.240	Adfast Canada Request For Proposal (RFP) ID#9009.pdf	Get hash	malicious	Unknown	Browse
	original (3).eml	Get hash	malicious	Unknown	Browse
	fa5a527b.eml	Get hash	malicious	HTMLPhisher	Browse
	COVID-19.pdf	Get hash	malicious	PDFPhish	Browse
	Message_2484922.eml	Get hash	malicious	Unknown	Browse
	TRABALHO----PROCESSO0014S55-S440000000S1.msi	Get hash	malicious	AteraAgent	Browse
	Sales_Contract_Main_417053608_09.2024.pdf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi	Get hash	malicious	AteraAgent	Browse
	https://atpscan.global.hornetsecurity.com/?d=r7jv6mGLSFUWnAoVoWKJDiF7kKGt3Fw5kKbn5s5sfcpNyTRbK79Zci2IH8Nl2g5X&f=qvzVe-8YAX4Dy6XefosXpr9xe6cUPxuD05v5wTHFNiMjrMs6M0fDbIikzhduev0q&i=&k=3x5s&m=iAkhIt0HvpR1Oh2_h6Q0O4Hzfyk0g3SV3EvnL7Z4VUDMO-lWq1KA94UsI2rIZoVyTUZY62kGnDiHyWJGH-7ewwHTHsNEmZuBPXaeTQvRVKfNDkV8Z7LfIWxRCCZdooZC&n=ZEhYBDFv208HJKEkNw5PqFObkm08aq7YeFB_fsGRbHtm2gx4mSx3JSwYkGZ1WU18bxwJPkfxXGKYv_KHdz1U8g&r=jfqeskceaKp8lH_i6JGe3T3xyBa6G7cbOCXOc4EPK3XMqLBHJqWBZEP0B9-qih8i&s=7226c2d05f1feec1a62ae2af2728e02cdefac54ea37a3a7665785b4a5864d360&u=https%3A%2F%2Fpitstop.powellind.com%2Fxfer%2Fbhub.cgi%3Fact%3Ddirect_download_file%26package_id%3Dpowelldocmanager%2540powellind%252Ecom%255FO8FN5TMSR40O4R6VOBEQREUV86%26file_name%3Dpowelldocmanager%2540powellind%252Ecom%255FO8FN5TMSR40O4R6VOBEQREUV86%252Ezip%26username%3Ddlarue%2540schmidt%252Delectric%252Ecom%26direct_token%3DB175D31C2AE80D9A572ED101DA29F438%26file_type%3Dzip	Get hash	malicious	Unknown	Browse
	GvQcD0PvEH.exe	Get hash	malicious	Unknown	Browse
35.157.63.227	SecuriteInfo.com.Program.RemoteAdminNET.1.15125.10364.msi	Get hash	malicious	AteraAgent	Browse
	setup_it_security (1).msi	Get hash	malicious	AteraAgent	Browse
	SecuriteInfo.com.Program.RemoteAdminNET.1.1711.8851.msi	Get hash	malicious	AteraAgent	Browse
	Lisect_AVT_24003_G1B_84.msi	Get hash	malicious	AteraAgent	Browse
	VANTAGENS_BBCLIENTES00001S4D444400000S.msi	Get hash	malicious	AteraAgent	Browse
	2cFFfHDG7D.msi	Get hash	malicious	AteraAgent	Browse
	SecuriteInfo.com.Program.RemoteAdminNET.1.29844.msi	Get hash	malicious	GhostRat	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	1.msi	Get hash	malicious	Unknown	Browse
	XLS_Confirmer.msi	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
EDGECASTUS	https://clickme.thryv.com/ls/click?upn=u001.icvgtUtNc5cJaBmFttWZx0lJP7wz60N1IEgDE2rZRR0WhAdspQVvaZ2NC12OzAgUWBWNE0QN-2Fsdvyxcie-2FD0ZKC3o6urx-2FRDTTfkVPv834VhtsrJl2gqz591wNLQpKzEYXpK_QXnTW6f9jV7ots26-2Fd0iCIGrEmLKA7fIJlV2zKu44Xq692PuzSRgXI7ufe4Zp4v2yBHnXUYjmzxKUhhdq7NsDheV8-2FU-2B48BCY4GxHJSwqqixcyPJ0xKPnacjTbwewwuwLxdqsCE0cZa1g-2BVvdiDiusWYPMfv8nQ5qixKTMPvKW23iKpOk7F2i3sIWet01O-2Bf0gpUPkwIGMMBe-2FMckfiYlTwk5HdrNlqOSNHr0gHxqm-2F7HfeBd43rBQaYeKamlXsjYaoA8HS2RybaRjyPcl6-2BU428AbeuG4yPBr7uwpsQLBrctYlFuwP0ATA6DvGQ8-2BxzxG0aVD3BVPwiFEhPTGFc9ATAP3o5h2eZKkldAOTGYr9Nn-2BdeyffvqnrT2msnMhhyQ-2FKQ9-2B8d6Z458G4pXgw1wQ-3D-3D#abuse@umn.edu	Get hash	malicious	HTMLPhisher	Browse	192.229.133.221
	CreditRS.html	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	http://email.mx02.email-max.com/c/eJw8zrFy8iAAAOCnge33EEjAgcE_LVFrvcb0Wu3iQQDDBaLGxIt9-p4dOn_LZ0Q1m6HKQiumDHPKKCMM1kI7rozj1BnmEj5DjjuiqCOGpJozXkEvkjSdpoQiQFEc0XRio_LhX1TjpDpFGETd92dA5gBLgOWptcG3jTcPBFj2AEuaFV_LN7Tf7-7_E7QaLx3Khxw1K71E-e6pxgnA8naZl8-fi_O2zV77fN583DZDuZZZua1d-b3JYlduxvXw0haq6oti8d55GeyoOt_CeD9Ee72qoz148_eFnVDa2OCDqidKm9PQaEDR8dH_rd8E_gkAAP__7g5YOw	Get hash	malicious	Phisher	Browse	152.195.133.208
	PrintDriver_x64.msi	Get hash	malicious	Unknown	Browse	152.195.19.97
	Adfast Canada Request For Proposal (RFP) ID#9009.pdf	Get hash	malicious	Unknown	Browse	93.184.221.240
	https://www.baidu.com/link?url=7AgUGxkCgEsQdPm9T1PXcA0XghaPOWMLvdhGyyVngg844uS4x-KZy4IMqs1ov0OgdFqhAB-_X2oOV9exK4hWC_&wd=ZWxraW58WTI5eVpUUmpaUzVqYjIwPXxNYkdVSlpkdVROdWNyeW1UWU1laElVVW1QbGRGb0F5RmNLcWJadW1CT01YYw==	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://google.com/amp/s/login.sharesyncportal.tech/dmYzPMej	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://1drv.ms/w/c/3e7c84f1a590a3e6/IQStDJr3bMEwQZDK5oU6uNI1AXa25ZxVanY0bWjgRrRk-d4	Get hash	malicious	Unknown	Browse	152.199.21.175
	Scan08.10.24(Massimiliano.benso)CQDM.html	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	original (3).eml	Get hash	malicious	Unknown	Browse	93.184.221.240
AMAZON-02US	HSYJdFwNpj.elf	Get hash	malicious	Unknown	Browse	63.35.124.160
	https://www.fsist.com.br	Get hash	malicious	Unknown	Browse	18.245.60.26
	https://clickme.thryv.com/ls/click?upn=u001.icvgtUtNc5cJaBmFttWZx0lJP7wz60N1IEgDE2rZRR0WhAdspQVvaZ2NC12OzAgUWBWNE0QN-2Fsdvyxcie-2FD0ZKC3o6urx-2FRDTTfkVPv834VhtsrJl2gqz591wNLQpKzEYXpK_QXnTW6f9jV7ots26-2Fd0iCIGrEmLKA7fIJlV2zKu44Xq692PuzSRgXI7ufe4Zp4v2yBHnXUYjmzxKUhhdq7NsDheV8-2FU-2B48BCY4GxHJSwqqixcyPJ0xKPnacjTbwewwuwLxdqsCE0cZa1g-2BVvdiDiusWYPMfv8nQ5qixKTMPvKW23iKpOk7F2i3sIWet01O-2Bf0gpUPkwIGMMBe-2FMckfiYlTwk5HdrNlqOSNHr0gHxqm-2F7HfeBd43rBQaYeKamlXsjYaoA8HS2RybaRjyPcl6-2BU428AbeuG4yPBr7uwpsQLBrctYlFuwP0ATA6DvGQ8-2BxzxG0aVD3BVPwiFEhPTGFc9ATAP3o5h2eZKkldAOTGYr9Nn-2BdeyffvqnrT2msnMhhyQ-2FKQ9-2B8d6Z458G4pXgw1wQ-3D-3D#abuse@umn.edu	Get hash	malicious	HTMLPhisher	Browse	18.245.60.100
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.48
	file.exe	Get hash	malicious	Credential Flusher	Browse	52.222.236.120
	https://northwestelectricalcontractorsllc.cmail19.com/t/y-l-mkrhudt-hylyzvij-r/	Get hash	malicious	Unknown	Browse	18.196.132.139
	zoHnNvuTkk.dll	Get hash	malicious	BumbleBee	Browse	52.222.236.48
	https://w7950.app.blinkops.com/*	Get hash	malicious	Unknown	Browse	18.245.46.10
	https://l24.im/lB5Ty	Get hash	malicious	Unknown	Browse	18.192.128.239
	file.exe	Get hash	malicious	Credential Flusher	Browse	52.222.236.120
AMAZON-02US	HSYJdFwNpj.elf	Get hash	malicious	Unknown	Browse	63.35.124.160
	https://www.fsist.com.br	Get hash	malicious	Unknown	Browse	18.245.60.26
	https://clickme.thryv.com/ls/click?upn=u001.icvgtUtNc5cJaBmFttWZx0lJP7wz60N1IEgDE2rZRR0WhAdspQVvaZ2NC12OzAgUWBWNE0QN-2Fsdvyxcie-2FD0ZKC3o6urx-2FRDTTfkVPv834VhtsrJl2gqz591wNLQpKzEYXpK_QXnTW6f9jV7ots26-2Fd0iCIGrEmLKA7fIJlV2zKu44Xq692PuzSRgXI7ufe4Zp4v2yBHnXUYjmzxKUhhdq7NsDheV8-2FU-2B48BCY4GxHJSwqqixcyPJ0xKPnacjTbwewwuwLxdqsCE0cZa1g-2BVvdiDiusWYPMfv8nQ5qixKTMPvKW23iKpOk7F2i3sIWet01O-2Bf0gpUPkwIGMMBe-2FMckfiYlTwk5HdrNlqOSNHr0gHxqm-2F7HfeBd43rBQaYeKamlXsjYaoA8HS2RybaRjyPcl6-2BU428AbeuG4yPBr7uwpsQLBrctYlFuwP0ATA6DvGQ8-2BxzxG0aVD3BVPwiFEhPTGFc9ATAP3o5h2eZKkldAOTGYr9Nn-2BdeyffvqnrT2msnMhhyQ-2FKQ9-2B8d6Z458G4pXgw1wQ-3D-3D#abuse@umn.edu	Get hash	malicious	HTMLPhisher	Browse	18.245.60.100
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.48
	file.exe	Get hash	malicious	Credential Flusher	Browse	52.222.236.120
	https://northwestelectricalcontractorsllc.cmail19.com/t/y-l-mkrhudt-hylyzvij-r/	Get hash	malicious	Unknown	Browse	18.196.132.139
	zoHnNvuTkk.dll	Get hash	malicious	BumbleBee	Browse	52.222.236.48
	https://w7950.app.blinkops.com/*	Get hash	malicious	Unknown	Browse	18.245.46.10
	https://l24.im/lB5Ty	Get hash	malicious	Unknown	Browse	18.192.128.239
	file.exe	Get hash	malicious	Credential Flusher	Browse	52.222.236.120
MICROSOFT-CORP-MSN-AS-BLOCKUS	HSYJdFwNpj.elf	Get hash	malicious	Unknown	Browse	20.135.246.47
	pqb9xEwv5y.elf	Get hash	malicious	Unknown	Browse	20.18.185.3
	bSgEe4v0It.elf	Get hash	malicious	Unknown	Browse	20.194.88.71
	https://www.fsist.com.br	Get hash	malicious	Unknown	Browse	20.157.119.2
	https://northwestelectricalcontractorsllc.cmail19.com/t/y-l-mkrhudt-hylyzvij-r/	Get hash	malicious	Unknown	Browse	52.146.76.30
	dw0kvsxplxrsdwyoctrfqnil638640145980220227.exe	Get hash	malicious	Unknown	Browse	20.52.197.179
	https://www.mediafire.com/file/dl1ll51b96z8hcb/paginas_para_descargar_Vectores_gratis_2018.zip/file	Get hash	malicious	Unknown	Browse	13.107.253.72
	dw0kvsxplxrsdwyoctrfqnil638640145980220227.exe	Get hash	malicious	Unknown	Browse	20.189.173.21
	CreditRS.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	#U00e7izim.xlam.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.45

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
6f947e.rbf (copy)	9rSeCZbjZE.msi	Get hash	malicious	AteraAgent	Browse
	TRABALHO----PROCESSO0014S55-S440000000S1.msi	Get hash	malicious	AteraAgent	Browse
	SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi	Get hash	malicious	AteraAgent	Browse
	AdobeUpdate.msi	Get hash	malicious	AteraAgent	Browse
	SecuriteInfo.com.Program.RemoteAdminNET.1.3218.16257.msi	Get hash	malicious	AteraAgent	Browse
	Y3Wvl9aYAU.cmd	Get hash	malicious	AteraAgent	Browse
	SecuriteInfo.com.Program.RemoteAdminNET.1.15125.10364.msi	Get hash	malicious	AteraAgent	Browse
	SecuriteInfo.com.Program.RemoteAdminNET.1.7216.330.msi	Get hash	malicious	AteraAgent	Browse
	4PP--0001S4D8S_DANFE000S1AS4SD5555522A1111.msi	Get hash	malicious	AteraAgent	Browse
	setup_it_security (1).msi	Get hash	malicious	AteraAgent	Browse

Process:	C:\Windows\System32\msiexec.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1442
Entropy (8bit):	5.076953226383825
Encrypted:	false
SSDEEP:	24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
MD5:	B3BB71F9BB4DE4236C26578A8FAE2DCD
SHA1:	1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
SHA-256:	E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
SHA-512:	FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
Malicious:	false
Preview:	.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86

Process:	C:\Windows\SysWOW64\rundll32.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	651
Entropy (8bit):	5.343677015075984
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yiv:ML9E4KlKDE4KhKiKhPKIE4oKNzKoM
MD5:	7EEF860682F76EC7D541A8C1A3494E3D
SHA1:	58D759A845D2D961A5430E429EF777E60C48C87E
SHA-256:	65E958955AC5DBB7D7AD573EB4BB36BFF4A1DC52DD16CF79A5F7A0FA347727F1
SHA-512:	BF7767D55F624B8404240953A726AA616D0CE60EC1B3027710B919D6838EFF7281A79B49B22AB8B065D8CA921EF4D09017A0991CB4A21DAF09B3B43E6698CB04
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..

Process:	C:\Windows\System32\sppsvc.exe
File Type:	data
Category:	dropped
Size (bytes):	860032
Entropy (8bit):	3.867970351783301
Encrypted:	false
SSDEEP:	6144:e6gHp6ms26jMLDMOa38X1/kcrTrmHDCd8C/GHRy5M9Bv7rKJQKXDwYrMXyHtSh+1:e6gHrYMMOa381/JrfmHa8sGHUSBvfqlX
MD5:	616226E509FFC061E4A1341058CCCBF5
SHA1:	BF5A8A5BCA56285A2E02E4AB2D67128EF35CD95A
SHA-256:	C6611B7B2A4353D0626828C46F8CC4039835DF9C02D5264F4E3B2D1CDA139071
SHA-512:	47FF064AC02223B37C2A9CFDB662E298A77D640CD77B448ABB9E1D8D755163917D74C5737E3735EDBDB2339A30889BCC3FE40132B00C2BE2DF3A1F0AC5C56F00
Malicious:	false
Reputation:	unknown
Preview:	..E(....................;._....................................$.$.G.l.o.b.a.l.$.$.....4H.......................\.....Z...0...+.0.J.f.p.q.U.8.x.J.e.Y.n.Z.J.W.G.k.L.b.7.o./.C.D.+.A.J.9.U.P.y.A.e.m.R.4.2.m.F.n.1.s.=...........E(......................j.......................zz....Z...0...+.0.L.4.a.O.e.b.x.N.j.h.h.b.5./.j.Q.W.B.P.U.I.O.5.Q.G.B.B.9.J.u.j.a.g.w.S.n.E.d.W.Z.s.=...........E(......................j.....................ik......Z...0...+.1.l.x.y.b.W.0.n.C.1.7.B.p.R.q.E.2.z.U.j.G.p.P.v.E.Y.Q.R.z.e.9.5.u.c.2.b.5.G.K.l.3.I.=...........E(......................j............................Z...0...+.2.B.h.X.a.y.c.E.g.l.r.M.p.p.w.N.v.M.w.9.K.t.G.Z.2.V.g.f.0.p.I.a.3.a.F.3.g.8.S.F.f.Q.=...........E(......................j......................m=.....Z.......+.2.V.t.Q.r.6.7.8.r.5.F.P.8.8.T.K./.o.k.I.m.o.3.e.s.+.d.C.Q.b.3.K.p.r.p.A.Q.d.Q.x.V.c.=..........R2H....................Uz(.................................J...7.8.c.6.8.b.4.a.-.0.1.a.b.-.4.b.b.7.-.9.b.0.b.-.2.c.d.a.a.4.f.a.b.0.7.e.

Process:	C:\Windows\System32\wbem\WMIADAP.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3444
Entropy (8bit):	5.011954215267298
Encrypted:	false
SSDEEP:	48:ADPo+gDMIuK54DeHNg9dqbEzCJGGgGDU3XgLBgaGKFijiVJtVAAF/XRgW:ADw+gDMhK54qHC7aBvGKFijiV7XRgW
MD5:	B133A676D139032A27DE3D9619E70091
SHA1:	1248AA89938A13640252A79113930EDE2F26F1FA
SHA-256:	AE2B6236D3EEB4822835714AE9444E5DCD21BC60F7A909F2962C43BC743C7B15
SHA-512:	C6B99E13D854CE7A6874497473614EE4BD81C490802783DB1349AB851CD80D1DC06DF8C1F6E434ABA873A5BBF6125CC64104709064E19A9DC1C66DCDE3F898F5
Malicious:	false
Reputation:	unknown
Preview:	//////////////////////////////////////////////////////////////////////////////////////////////..//..// Copyright (C) 2000 Microsoft Corporation..//..// Module Name:..// WmiApRpl..//..// Abstract:..//..// Include file for object and counters definitions...//..//////////////////////////////////////////////////////////////////////////////////////////////......#define.WMI_Objects.0..#define.HiPerf_Classes.2..#define.HiPerf_Validity.4....#define.MSiSCSI_ConnectionStatistics_00000.6....#define.BytesReceived_00000.8..#define.BytesSent_00000.10..#define.PDUCommandsSent_00000.12..#define.PDUResponsesReceived_00000.14....#define.MSiSCSI_InitiatorInstanceStatistics_00001.16....#define.SessionConnectionTimeoutErrorCount_00001.18..#define.SessionDigestErrorCount_00001.20..#define.SessionFailureCount_00001.22..#define.SessionFormatErrorCount_00001.24....#define.MSiSCSI_InitiatorLoginStatistics_00002.26....#define.LoginAcceptRsps_00002.28..#define.LoginAuthenticateFails_00002.30..#define.LoginAuthFai

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Entropy (8bit):	7.878672441110278
TrID:	Microsoft Windows Installer (60509/1) 57.88% ClickyMouse macro set (36024/1) 34.46% Generic OLE2 / Multistream Compound File (8008/1) 7.66%
File name:	setup_north_west_arctic_borrough.msi
File size:	2'994'176 bytes
MD5:	4946692d1054133187414b16847fda29
SHA1:	0bfdd52352dd3bf457543b2ce542f3a609bc36d8
SHA256:	fce7b065d52befe698a40233ccf2c9f6a3e9a99105c5b89fe671ba713094a8bf
SHA512:	72afd37c41bc335fed27b1f73da6d029769906ab667cbde1ccaac26680f8ccded00fafa6aeb2e59673d50fc6e52d03ef654578494e9bef98c7e41d999b6339ba
SSDEEP:	49152:n+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:n+lUlz9FKbsodq0YaH7ZPxMb8tT
TLSH:	1BD523117584483AE3BB0A358D7ED6A05E7DFE605B70CA8E9308741E2E705C1AB76B73
File Content Preview:	........................>......................................................................................................................................................................................................................................

Target ID:	0
Start time:	12:52:20
Start date:	09/10/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup_north_west_arctic_borrough.msi"
Imagebase:	0x7ff7f0c30000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	3
Start time:	12:52:21
Start date:	09/10/2024
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 6A3621A3D7CD44D53C941897192273B5
Imagebase:	0x920000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	8
Start time:	12:52:27
Start date:	09/10/2024
Path:	C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):	true
Commandline:	"NET" STOP AteraAgent
Imagebase:	0xc80000
File size:	47'104 bytes
MD5 hash:	31890A7DE89936F922D44D677F681A7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	13
Start time:	12:52:28
Start date:	09/10/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="pbell@solutionzsecurity.com" /CompanyId="20" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q3000001lTaiIAE" /AgentId="687399e7-85e9-4e3a-8465-e1cdfab81e34"
Imagebase:	0x1e27f4a0000
File size:	145'968 bytes
MD5 hash:	477293F80461713D51A98A24023D45E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2131297055.000001E201A42000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2133638170.000001E27F670000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2131297055.000001E201A76000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2133638170.000001E27F5E6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2133638170.000001E27F60C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2131297055.000001E201A8C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2131297055.000001E201999000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2133163408.000001E21A4B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2131297055.000001E2019CA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2131297055.000001E2019C2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2133638170.000001E27F5E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2131297055.000001E2019D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2133194920.000001E21A500000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2134536514.00007FF848B34000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2133638170.000001E27F604000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2133638170.000001E27F62D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2134145731.000001E27F980000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2133638170.000001E27F622000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000000.2096756526.000001E27F4A2000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2131297055.000001E20199C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2131297055.000001E2019C4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2131297055.000001E201911000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
Antivirus matches:	Detection: 26%, ReversingLabs
Has exited:	true

Target ID:	14
Start time:	12:52:31
Start date:	09/10/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Imagebase:	0x1a906e10000
File size:	145'968 bytes
MD5 hash:	477293F80461713D51A98A24023D45E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907AA9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907EDB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907C1F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907DBD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2569096756.000001A9204E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A90782E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2567768051.000001A92047E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907BDC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2566330920.000001A92008A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2567768051.000001A92043A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2554366052.000001A907016000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2567768051.000001A92046E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907BFA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907B27000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2554366052.000001A906FCC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907A59000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907BF7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907AF2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2553981970.000001A906EC0000.00000004.00000020.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555574617.000001A9072D0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2572723144.000001A9208E2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2554366052.000001A906F90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907E8F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2567768051.000001A9204AF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907A9A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A9077C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907D7F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2552517246.00000097EB0F5000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907908000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2569096756.000001A9204F5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2567768051.000001A920400000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907CA9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907B01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2555885176.000001A907E5A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2566330920.000001A920040000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	17
Start time:	12:52:32
Start date:	09/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Windows\Installer\MSIBF53.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7323531 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
Imagebase:	0x4f0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000011.00000002.2185549667.0000000004C41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000011.00000002.2185549667.0000000004CE4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000011.00000003.2136712582.0000000004859000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	19
Start time:	12:52:40
Start date:	09/10/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "16038b3c-d35a-4c69-b34e-6367184ec3ca" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000001lTaiIAE
Imagebase:	0x1f3998a0000
File size:	177'712 bytes
MD5 hash:	31DEF444E6135301EA3C38A985341837
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2239054946.000001F399A30000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2240195040.000001F39A3E3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2240195040.000001F39A3D3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2239875932.000001F39A1D2000.00000002.00000001.01000000.00000018.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2239054946.000001F399A78000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2239576380.000001F399B70000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2239054946.000001F399B05000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2239054946.000001F399A70000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2239054946.000001F399ABC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000000.2222107135.000001F3998A2000.00000002.00000001.01000000.00000016.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2240195040.000001F39A361000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
Has exited:	true

Target ID:	21
Start time:	12:52:43
Start date:	09/10/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "2a1a3dc9-6072-498e-b1b6-fcd7a9da4519" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q3000001lTaiIAE
Imagebase:	0x18322a60000
File size:	177'712 bytes
MD5 hash:	31DEF444E6135301EA3C38A985341837
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2259374577.0000018323563000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2259374577.0000018323573000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2258664739.0000018322D1C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2258664739.0000018322CCC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2259374577.00000183234F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2258664739.0000018322C99000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2258664739.0000018322C90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2259208916.0000018322E60000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2258664739.0000018322CAC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	24
Start time:	12:52:44
Start date:	09/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Imagebase:	0x7ff7dd540000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	28
Start time:	12:52:45
Start date:	09/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Imagebase:	0x7ff7f0de0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.2334594137.0000015681BDB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.2334594137.0000015681BD0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.2334594137.0000015681BF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.2334684601.0000015681CD0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000003.2270612319.0000015681CF0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	31
Start time:	12:52:46
Start date:	09/10/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "78309870-edc4-47c0-bbf7-c19973e138fe" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q3000001lTaiIAE
Imagebase:	0x1f0188b0000
File size:	74'288 bytes
MD5 hash:	749C51599FBF82422791E0DF1C1E841C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.2821624873.000001F01948F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.2886888877.000001F031A90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.2820363756.000001F018CA0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.2805553580.000001F018AC0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000000.2277452564.000001F0188B2000.00000002.00000001.01000000.0000001A.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.2886888877.000001F031B19000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.2805553580.000001F018B0A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.2886888877.000001F031B2A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.2805553580.000001F018B02000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.2821624873.000001F019311000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.2821624873.000001F019388000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.2805553580.000001F018B4E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.2821624873.000001F019519000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, Author: Joe Security
Has exited:	true

Target ID:	34
Start time:	12:52:50
Start date:	09/10/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "bd4bff8f-27a8-4dc1-872a-980375696b10" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q3000001lTaiIAE
Imagebase:	0x1dcd87e0000
File size:	396'336 bytes
MD5 hash:	B50005A1A62AFA85240D1F65165856EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2354573385.000001DCD88D0000.00000004.00000020.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2355864450.000001DCD8CA0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2357000469.000001DCD93A9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2376302276.00007FF8A0099000.00000004.00000001.01000000.0000001C.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2354693153.000001DCD89FC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2363956600.000001DCF29C5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2364494832.000001DCF2BF0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000000.2316796496.000001DCD87E2000.00000002.00000001.01000000.0000001B.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2354693153.000001DCD8A32000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2357595267.000001DCD99F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2354693153.000001DCD8A3C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2357000469.000001DCD9340000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2355757363.000001DCD8C72000.00000002.00000001.01000000.0000001D.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2354693153.000001DCD8A7E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2363859046.000001DCF27C7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2357595267.000001DCD9451000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2354693153.000001DCD89F0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2364282339.000001DCF29D6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2357595267.000001DCD953D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe, Author: Joe Security
Has exited:	true

Target ID:	36
Start time:	12:52:52
Start date:	09/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k smphost
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Target ID:	37
Start time:	12:53:06
Start date:	09/10/2024
Path:	C:\Windows\System32\wbem\WMIADAP.exe
Wow64 process (32bit):	false
Commandline:	wmiadap.exe /F /T /R
Imagebase:	0x7ff6b2660000
File size:	182'272 bytes
MD5 hash:	1BFFABBD200C850E6346820E92B915DC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Target ID:	39
Start time:	12:53:15
Start date:	09/10/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "9126087d-b76b-4264-814a-f2ee6afd34d4" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q3000001lTaiIAE
Imagebase:	0x1cd4e160000
File size:	177'712 bytes
MD5 hash:	31DEF444E6135301EA3C38A985341837
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2745515250.000001CD672F0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2762276165.000001CD675BF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2746641380.000001CD6731D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2694483826.000001CD4E425000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2701402484.000001CD4EA33000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2701402484.000001CD4E9C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2701402484.000001CD4EFAB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2694483826.000001CD4E3E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2757310614.000001CD674B7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2701402484.000001CD4EA07000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2693599901.000001CD4E340000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2694483826.000001CD4E462000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2701402484.000001CD4EF63000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2694483826.000001CD4E3FF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2694483826.000001CD4E41B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2701402484.000001CD4EFAE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2701402484.000001CD4EB92000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.2701402484.000001CD4EA43000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report setup_north_west_arctic_borrough.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

6f947c.rbf (copy)

6f947e.rbf (copy)

6f9480.rbf (copy)

6f9481.rbf (copy)

C:\Config.Msi\6f9475.rbs

C:\Config.Msi\6f947a.rbs

C:\Config.Msi\6f9482.rbs

C:\Config.Msi\6f9486.rbs

C:\Config.Msi\6f9489.rbs

C:\Config.Msi\6f948c.rbs

C:\Config.Msi\6f948f.rbs

Windows Analysis Report
setup_north_west_arctic_borrough.msi

Target ID:	41
Start time:	12:53:16
Start date:	09/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Imagebase:	0x7ff7f0de0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000029.00000003.2578829905.000001D1FDC40000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000029.00000002.2638898710.000001D1FDB2C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000029.00000002.2638898710.000001D1FDB43000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000029.00000002.2638898710.000001D1FDB20000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000029.00000002.2639146065.000001D1FDC20000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	44
Start time:	12:53:17
Start date:	09/10/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "b8b132d1-7f13-4735-aac8-7ef47e479aab" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q3000001lTaiIAE
Imagebase:	0x2521b760000
File size:	55'344 bytes
MD5 hash:	D11B2139D29E79D795054C3866898B7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2879114266.000002521B997000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2895950348.000002521BA85000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2879114266.000002521B9E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2945196478.00000252349D7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2896600166.000002521BC40000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2944848489.0000025234976000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2879114266.000002521B995000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2901298634.000002521C31D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2942674637.0000025234940000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2901298634.000002521C0B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2901298634.000002521C32E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2879114266.000002521BA42000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2879114266.000002521B970000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2945196478.0000025234982000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2876800438.000002521B950000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000000.2592799756.000002521B762000.00000002.00000001.01000000.00000027.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2870195156.000000C778D83000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002C.00000002.2901298634.000002521C224000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, Author: Joe Security
Has exited:	true

Target ID:	46
Start time:	12:53:20
Start date:	09/10/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" schedulerrun
Imagebase:	0x20438850000
File size:	55'344 bytes
MD5 hash:	D11B2139D29E79D795054C3866898B7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002E.00000002.2632395203.00000204389A5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002E.00000002.2632395203.000002043893F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002E.00000002.2636285066.0000020438BC0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002E.00000002.2632395203.0000020438920000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002E.00000002.2637452817.0000020439243000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002E.00000002.2637452817.00000204391C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002E.00000002.2632395203.0000020438928000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002E.00000002.2632395203.000002043895E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	51
Start time:	12:53:21
Start date:	09/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	52
Start time:	12:53:22
Start date:	09/10/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
Imagebase:	0x7ff7f0c30000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.2855793234.00000206A0E3F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.2855793234.00000206A0E48000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000003.2806116888.00000206A0D70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.2855135925.00000206A0390000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000003.2853143706.00000206A037B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.2855135925.00000206A0395000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000003.2853404465.00000206A038E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000003.2853143706.00000206A0395000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000003.2854093820.00000206A038A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.2854984976.00000206A038B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000003.2853404465.00000206A0395000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	53
Start time:	12:53:23
Start date:	09/10/2024
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 07EC56ACC4FB4E8D88E3CE21E24A8ED3 E Global\MSI0000
Imagebase:	0x920000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	55
Start time:	12:53:24
Start date:	09/10/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 687399e7-85e9-4e3a-8465-e1cdfab81e34 "afad775b-451e-4311-9587-744c8d434acb" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q3000001lTaiIAE
Imagebase:	0x27f6e2f0000
File size:	219'696 bytes
MD5 hash:	01807774F043028EC29982A62FA75941
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2748921844.0000027F6F5B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2748921844.0000027F6F623000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2732675066.0000027F6E500000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2748921844.0000027F6F606000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2744316303.0000027F6E710000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2696231813.0000027F0023B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2696231813.0000027F0022F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2696231813.0000027F00239000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2732675066.0000027F6E58D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2732675066.0000027F6E5CF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2696231813.0000027F0001E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2696231813.0000027F00237000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2696231813.0000027F00170000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2696231813.0000027F00020000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2696231813.0000027F00001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000000.2663182188.0000027F6E2F2000.00000002.00000001.01000000.00000030.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2732675066.0000027F6E50C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000037.00000002.2732675066.0000027F6E540000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe, Author: Joe Security
Has exited:	true

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre